I have just learned recently of TMG's demise and am very sad about it, too.

An important point many people seem to forget/miss is user authentication and, how I'd call it, transparent proxying/firewalling (Firewall Client). There is a lot of "crap" LOB software out there which doesn't play with NTLM/Kerberos authenticating proxies. Either you go for an IP rule nightmare, which is neither flexible nor secure, or you use a TMG approach incorporating Firewall Client.

In my view some organizations seem to be a bit too IP-centric. What we have been practising for years, and what I regard as the "real MS AD way", is to base the majority of user permissions on group memberships ("roles") so the user is an independent entity: no matter what PC, no matter the network segment the user logs in from, the permissions follow. We have a lot of this: users using PCs from their colleagues, moves of people between departments, stuff like that. And if needed just drop a proxy exclusion using Group Policy to the users based on Group Membership and you are good to go. And it might also be a legal issue "who did

A proxy is just one type of corporate firewall. My view is that many Microsoft users are only IT people and don't know the differences between types of firewalls. I don't know if there is one appliance/software that fits all or if different pieces of equipment are required in our situation. Reverse proxying of RD Web Access, Exchange ActiveSync and web servers, as well as PPTP (PEAP), are also important for us. So if someone can recommend a firewalling/proxying solution that can transparently handle "stubborn applications" in the way TMG did, then please let me know.

Abandoning the ISA/TMG line is a completely stupid step by Microsoft. I know a company with an ISA 2006 array performing tasks such as: LAN/WAN router with 5 connected networks and virtually 3 more connected by dialup lines. Direct Access is not a replacement for VPN in a few scenarios, e.g. VPN for external workers who shouldn't access all services the way the company's workers do. Of course we can implement several Direct Access implementations in one company, but external workers are enforced

In our case, every Exchange migration/implementation is equal to an implementation of ISA/TMG. They don't want to use other types of software, because just mail admins can control how SMTP or other

Now, some "network guys" will be responsible for how it will work. I don't know other error-less software from Microsoft that just works.