You'll also need to use the dial and screen to create a base firewall rule to allow remote management access. We found the dial a pain to use for setting addresses but at least once we'd finished it could be locked down and secured with a PIN.
With a DHCP-enabled network, you can go straight to web browser management where you'll be greeted with the Celestix Comet interface. This has been designed specifically to remotely manage TMG and it starts with a wizard to help get you up and running.
You have four deployment options and we chose to position the appliance in the lab as an edge firewall. An advantage of having Windows Server on the appliance was it only took a few minutes to integrate it into our AD domain.
Firewall policies can be applied to AD groups and users which consist of source and destination networks or hosts, allow or deny actions and protocols. Wizards are also provided for securely publishing LAN resources such as Exchange web access, SharePoint sites or web servers. For the latter you also have an option for declaring server load balancers.
TMG's web security is vastly superior to ISA Server as malware inspection is carried out automatically whilst NIS uses a regularly updated signature database to watch out for known exploits. Web filtering gets a big boost as Microsoft now provides over seventy URL categories that can be blocked at the gateway.
We found the URL filtering worked very well with our test clients blocked from all manner of dubious sites including games and gambling. A new feature is an option to allow selected users to override a blocking rule. TMG's URL category query tool also proved very useful during testing.
