Microsoft ISA/TMG - Miscellaneous
Microsoft Internet Security and Acceleration Server 2006
Internet Security and Acceleration (ISA) Server TechCenter
Microsoft ISA Server 2006 Tools
How to Distribute Firewall Client for ISA Server
Automatic Detection Concepts in ISA Server 2006
ISAserver.org
Jim Harrison's ISA Tools Repository
ISAscripts.org - Scripts to manage Microsoft ISA Server.
TMG 2010 end of support
Richard Hicks' Forefront TMG Blog - Forefront TMG 2010 End of Life Statement
Microsoft - Server & Cloud Blog - Important Changes to Forefront Product Roadmaps
Blogs
Me, Myself and ISA Blog and the TMG version: Closer to the Edge Blog
Blogposts/Articles
ISA Server 2006 Cache Q&A
ISA discovery via DNS – een weetje! describes WPAD and the HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList registry entry, to which wpad was added with patch MS09-008. See also Microsoft Support - Changes to DNS server behavior after you install the security update for DNS server (KB968732).
ISAserver.org - LDAP Pre-authentication with ISA 2006 Firewalls: Using LDAP to Pre-authenticate OWA Access (Part 3)
TMG 2010
TechNet Magazine > Home > Issues > 2010 > March > Using Microsoft Forefront TMG 2010 as a Secure Web Gateway
TechNet Blogs » Forefront TMG Product Team Blog » NIS & Anti-Malware Info is not updated as expected in Update Center
Documentation
Microsoft TechNet - Installing Forefront TMG Service Packs
TechNet Blogs » Forefront TMG Product Team Blog » Forefront TMG 2010 Web Protection Services Licensing
TMG 2010
Microsoft TechNet - Forefront Threat Management Gateway (TMG) 2010
Licensing/Subscriptions
TMG 2010
TechNet Blogs » Forefront TMG Product Team Blog » Forefront TMG 2010 Web Protection Services Licensing
Microsoft - Forefront Protection Suite Pricing and Licensing
Microsoft TechNet - License extension for End-of-Life Antigen and Forefront products
MS KB Articles
ISA 2006
TMG 2010
SP1
List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1
Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Software Update 1 Rollup 1 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Software Update 1 Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Software Update 1 Rollup 4 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
SP2
Microsoft Forefront Threat Management Gateway 2010 Service Pack 2
Rollup 1 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2
Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2
Setting ISA Client Exceptions per application
To disable the ISA Client for a specific application, do the following:
- Create an Application.ini in C:\Documents and Settings\All Users\Application Data\Microsoft\Firewall Client 2004\.
- Add the following per application:
[application.exe]
Disable=1
Source for this and other options: Internal Client Concepts in ISA Server 2006
Java (upload) applets, port -1 and ISA Server 2006
Ran across a Java applet that accepts files via drag and drop and then uploads these files to the website.
When that traffic passed through an MS ISA 2006 SP0 proxy server the following was shown in the log:
Failed Connection Attempt
ISA 30-1-2009 10:41:56
Log type: Web Proxy (Forward)
Status: 12005 The Uniform Resource Locator (URL) is invalid. The request was not entered correctly. Enter the correct URL and try again.
Rule:
Source: Internal (10.x.x.x)
Destination: (10.x.x.x:8080)
Request: POST http://www.website.com:-1/virtualdir/uploadservlet
Filter information: Req ID: 05024d14; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol:
User: anonymous
Additional information
Client agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_11
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1
MIME type:
When not using the proxy, the site works fine. From Class java.net.URL: “Specifying a port number of -1 indicates that the URL should use the default port for the protocol.” <speculation> This doesn't seem to work when the traffic goes through ISA 2006.</speculation> The Sun bug database lists more bugs when using Java with an ISA server, so this could be a Java bug.
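The log entry above shows a request URL whose authority carries the literal port -1, which RFC 3986 does not allow (port = *DIGIT). As an added example, not part of the original notes, this Python sketch flags such request fields; the function names are hypothetical and every sample line except the first is constructed.

```python
import re

# Request fields in the style of the log entry above. The first is taken
# from that entry; the others are constructed for illustration.
SAMPLE_REQUESTS = [
    "POST http://www.website.com:-1/virtualdir/uploadservlet",
    "GET http://www.website.com/virtualdir/index.html",
    "GET http://www.website.com:8080/status",
    "POST http://www.website.com:99999/upload",
]

# scheme "://" authority, where the authority ends at the first / ? or #
_URL = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://(?P<authority>[^/?#]*)")


def port_problem(url):
    """Return None if the port is absent or usable, else a short reason."""
    m = _URL.match(url)
    if not m:
        return "not an absolute URL"
    hostport = m.group("authority").rpartition("@")[2]  # drop any userinfo
    if hostport.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8080
        tail = hostport.partition("]")[2]
        sep, port = tail[:1], tail[1:]
    else:
        _, sep, port = hostport.partition(":")
    if sep != ":" or port == "":
        return None  # no port given: the scheme's default applies
    if not (port.isascii() and port.isdigit()):
        return "port %r is not decimal digits" % port  # RFC 3986: port = *DIGIT
    if int(port) > 65535:
        return "port %s is outside 0-65535" % port
    return None


def flag_requests(requests):
    """Return (method, url, reason) for every request with a bad port."""
    flagged = []
    for line in requests:
        method, _, url = line.partition(" ")
        reason = port_problem(url)
        if reason:
            flagged.append((method, url, reason))
    return flagged


if __name__ == "__main__":
    for method, url, reason in flag_requests(SAMPLE_REQUESTS):
        print(method, url, "->", reason)
```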
HTTPFilter
FreeLists - [ISAserver.org Discussion List] - RE: HTTP Filter rejecting some requests describes how a URL with spaces (%20) in it can cause problems with the Verify normalization HTTPFilter option in ISA Server. If you monitor the connection in the ISA management console, you'll see “Error message = 12217 The request was rejected” and “Blocked by the HTTP security filter: URL normalization was not complete after one pass.”
Microsoft TechNet - HTTP Filtering in ISA Server 2004
Alexander's Blog - Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator.
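What "normalization was not complete after one pass" means for a set of URLs, as an added example that is not ISA Server's own code. It assumes the Verify normalization option decodes the URL twice and rejects the request when the two results differ, and it uses Python's unquote as a stand-in for the filter's decoder; the sample paths are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed request paths for a published site (illustrative only).
SAMPLE_PATHS = [
    "/docs/annual%20report.pdf",    # space encoded once
    "/docs/annual%2520report.pdf",  # space encoded twice: %25 decodes to %
    "/promo/save%2525",             # percent sign encoded twice
    "/owa/auth/logon.aspx",         # nothing encoded
]

_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def normalization_result(path):
    """Decode twice; return None if stable after one pass, else details."""
    once = unquote(path)
    twice = unquote(once)
    if once == twice:
        return None
    return {
        "path": path,
        "after_first_pass": once,
        "after_second_pass": twice,
        # Escapes still present after the first decode are what make the
        # second pass change the URL again.
        "leftover_escapes": _ESCAPE.findall(once),
    }


def would_be_rejected(paths):
    """Return the details for every path that changes on a second decode."""
    return [r for r in map(normalization_result, paths) if r is not None]


if __name__ == "__main__":
    for r in would_be_rejected(SAMPLE_PATHS):
        print(r["path"], "->", r["after_first_pass"], "->",
              r["after_second_pass"], r["leftover_escapes"])
```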
ISA and SAN certificates
Kent Nordstrom - ISA 2006 and SAN Certificates
Forefront TMG (ISA Server) Product Team Blog - Certificates with Multiple SAN Entries May Break ISA Server Web Publishing
Microsoft Exchange Server Forums - Unable to publish CAS with ISA 2006 if certificates with subject alternative names are used
ISAserver.org - Implementing and Troubleshooting Certificate Deployment in ISA Server 2006
(Expired) Password Change TMG/ISA published OWA
Follow Microsoft TechNet - Forefront TMG - Configuring the change password feature, but ignore 6a, b and c for setting customized HTML forms. Don't forget the script from Microsoft Support - The "change password" feature does not work as expected after you install ISA Server 2006 Service Pack 1 or if you use Microsoft Threat Management Gateway 2010.