?
Solved

Forefront TMG 2010

Posted on 2011-05-13
6
Medium Priority
?
476 Views
Last Modified: 2012-05-11
I am planning on deploying a test server to see if I like the TMG product.  Easy question.

Do I need to join this server to the domain?  I am going to have it inside the Cisco ASA appliance.

Just wanted to see what the best practice usually is for that.
0
Comment
Question by:cjameson74
  • 4
  • 2
6 Comments
 
LVL 3

Expert Comment

by:stivostenberg
ID: 35754790
You do NOT have to join the TMG to the domain, unless you want to use domain integrated authentication for controlling access to the Internet.
0
 
LVL 3

Accepted Solution

by:
stivostenberg earned 2000 total points
ID: 35754806
Oh,  and if you dont NEED domain integrated authentication,  then best practice is to not join the domain as it reduces the attack surface.
0
 
LVL 1

Author Comment

by:cjameson74
ID: 35754818
What does domain integrated authentication do for me?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 3

Expert Comment

by:stivostenberg
ID: 35754848
Domain Integrated Authentication allows you to use a users Domain Credentials in rules to determine what they are allowed to do through the TMG.  It gives you finer grain control over what individual  users are allowed to do.  If you dont care,  and apply the same rules to everybody, then there is no need for it.
0
 
LVL 3

Expert Comment

by:stivostenberg
ID: 35754890
Oh,  sorry,  was thinking only about outbound connections.   Are you planning on having users come IN through TMG?  In that case,  joining the domain allows them to use Domain Creds to get in, assuming you set the rules to perform that function.  In both cases, inbound and outbound, joining the Domain allows you to authenticate to the TMG using the domain credentials, rather than some other authentication scheme.
0
 
LVL 1

Author Comment

by:cjameson74
ID: 35754895
Well right now I am just trying to find something to replace my Cymphonix.

TMG is something that we can access for free due to our MS partner network agreement.  SO I am just testing it for now.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question