isa 2006 & tmg query

hi as a learning curve/test, ive configured a win 2003 domain platform attached to a win 2003/2 nic - 'isa 2006' standard via netgear router box direct to internet successfully providing internet access for internal domain users and a successful remote vpn.

my next task is to learn and configure the 'site-to-site vpn/branch office etc

note: currently i only have 32bit machines and have setup in the passed a windows 2008 32 bit basic user domain for learning curve.

note: i am aware tmg 2012 requires a win 2008/64 bit platform as not supported on win 2003!!

note:  forefront tmg is not supported on all editions of windows server 2008
- Installation of forefront tmg is only supported in standard, enterprise and datacenter edition and is not supported on windows server core!

i am now reading 'url':


question 1.  am i understanding below correct that i should do the following:

- 'export' my isa 2006/standard and save
- complete fresh install of - TMG_ENU_Management_x86
- lastly 'import' - saved isa 2006/standard configurations

"In-place upgrade from ISA Server 2004/2006 to Forefront TMG is not supported
- You have to export the ISA Server configuration and to import this configuration on a fresh TMG installation"  - ?

question 2.

what is the difference between isa 2006 & forefront tmg ?

question 3.

as i have downloaded both 'evaluation copies' im trying to understand when i should use:

- isa 2006 enterprise - ?
- TMG_ENU_Management_x86 - ?

it would be appreciated if i could get a specific answer to each of the 3 questions above so will have some direction as i have chosen to learn step by step and eventually evolve across to 'tmg 2012' when i have 64 bit machines!! :)
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
ISA is for 32-bit environments up to and including 2003, TMG is 64-bit from Windows Server 2008 onwards. Whilst there was an early beta version of TMG for 32-bit windows server 2008 this should not be used - would be like comparing a Model T ford and a ferrarri and saying they are the same because both are cars.

ISA should not be used for ANY new installation really as is now out of mainstream support. The tmg_enu_management_x86 is NOT FTMG, it is the management system.

The fundamentals between isa and TMG are not huge but how they do 'under the covers' is significant. TMG gives you all the url categories that you can allow/deny built in to the solution rather than having to create them all manually. Still does proxy, stateful inspection/firewall and application gateway/publishing. Still is VPN solution etc but the GUI has been updated by a lot. Also - as mentioned - it only runs on a 64-bit OS (and cannot be installed on a normal DC).

TMG/UAG are COMPLETELY different products within the Forefront family product. UAG is the enterprise product for remote access and publishing (protecting the internal networks from 'things' that are allowed IN access the internal networks/services); TMG is the Enterprise product for Proxy etc (protecting internal users and services when they go OUT to the untrusted environments such as the Internet etc).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mikey250Author Commented:
hi keith again!!!:)  ok!

when you say:  "The tmg_enu_management_x86 is NOT FTMG, it is the management system". - what should i do with it although old as you say (dont forget only learning curve for me in the visual sense also as never clapped eyes on isa products at all until you've assisted me ?

until i can evolve/afford 64 bit!!

also this comment below is stated in the 'url' in my main thread above:

"In-place upgrade from ISA Server 2004/2006 to Forefront TMG is not supported
- You have to export the ISA Server configuration and to import this configuration on a fresh TMG installation"
Keith AlabasterEnterprise ArchitectCommented:
If you have a spare server - and can get hold of the Windows server 2008 32-bit edition to put on the said server - then you can try and install it. If you have not got one/can not get the OS then it is useless to you - and can be junked.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

mikey250Author Commented:
yes i do have a win 2008 32bit as i already at the end of last year configured it as 'dc/dns/dhcp', with gpmc/software installed automatically onto a client machine just to test and that was it just to get familiar with the 'os'!  it is not installed now though!!

i have no spare 'server' yet until ive finished with isa 2006 standard
Keith AlabasterEnterprise ArchitectCommented:
OK - the 32-bit beta copy of TMG was three years ago now but I am pretty sure that was the name of it. The size of the x86 file might help to point it out whether this is just the management part (whiis lterally just the management piece or the full beta version before it went to 64-bit only.
mikey250Author Commented:
ok.  thanks for that!!

i will now look into 'site-to-site vpn' and 'branch office' or whatever with isa 2006 standard.  once done can you tell me what i should be doing with isa 2006 enterprise although other than linking multiple sites to do what isa 2006 standard does, im not sure ?

im gonna call it a night now until tomorrow!!

thanks for replying!!:)
Keith AlabasterEnterprise ArchitectCommented:
The only purpose of ISA Enterprise against ISA standard is if you want to use the NLB function within ISA or you want to have two ISA nodes in an array for resilience/failover.
mikey250Author Commented:
hi keith, i did an isa 2006 fundamental video course over a week in between my other stuff at home online the other week but it only touched upon the 'enterprise' but yes i remember them stating what you have just said.

all good so i can leave that for the time being really!!

Keith AlabasterEnterprise ArchitectCommented:
Yep :)
mikey250Author Commented:
mikey250Author Commented:
i have a 'dns server publishing' thread out there!! dont suppose you can look at it for me!!

ignore my comments above ive just had a good response so will not configure it unless i look at 'split dns'.  will go on to do list for another day!!
mikey250Author Commented:
sound advice!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.