A threat management gateway (TMG) is the unified threat management (UTM) software system created by Microsoft® Corporation® as part of its Forefront® security software suite. This component is often referred to as Forefront® TMG. The TMG software is what's known as an edge server, in that it sits at the border of a computer network, auditing network traffic that is entering or leaving. It provides an array of security services including firewall, email filtering, virus monitoring, and more.
Microsoft Forefront Threat Management Gateway 2010 (TMG) is designed to provide a comprehensive, secure Web gateway that helps protect employees from Web-based threats. URL Filtering: destination URLs are examined for compliance with corporate policy and for the malicious potential of the destination Web site. Jun 30, 2014: TMG SP2 Rollup 5 is available for download: Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2. Please see KB Article ID: 2954173 for details of the fixes included in this rollup.
The first of this type of offering from Microsoft® was a proxy server back in the late 1990s. This initial offering was a basic Internet access server for a local area network (LAN), but later versions included a packet-filtering firewall. As the product continued to develop, it was renamed in 2001 to Microsoft® Internet Security and Acceleration Server (ISA) and given the ability to link together with others of its kind to provide accelerated services. Further developments led to the product being renamed the Forefront® Threat Management Gateway in 2008.
As a gateway device, the Forefront® TMG holds to its origins as a general Internet access server for a Microsoft® Windows® LAN. This gives the core TMG software the ability to perform routing and network address translation (NAT), which aids with directing traffic inside the network. Working as a bridge to other secure networks, the Forefront® software can also be used to establish a virtual private network (VPN) for connecting with other, remote gateways.
Bit Torrent via Forefront TMG - 5.Feb.2012 8:45:01 PM richto: I wanted to use Bit Torrent to download something, and I couldn't find detailed instructions anywhere, so I wrote and tested my own rule set. Here it is for anyone that needs it.
Add-on for Microsoft Forefront Threat Management Gateway - inspired/TA-Microsoft_Forefront_TMG.
Author | Mikael Bjerkeland |
---|---|
App Version | 1.0.2 |
Vendor Products | Microsoft Forefront Threat Management Gateway 2010 |
Has index-time operations | True |
Create an index | False |
Implements summarization | False |
The Add-on for Microsoft Forefront Threat Management Gateway allows a Splunk® Enterprise administrator to extract and filter event information from the Microsoft Forefront Threat Management Gateway. The app sets the correct sourcetype and adds fields required for CIM compliance. The app includes inputs that allow you to monitor Forefront TMG log files on your Forwarders.
No scripts or binaries are included.
Version 1.0.2 of the Add-on for Microsoft Forefront Threat Management Gateway is compatible with:
Splunk Enterprise versions | 6.x |
---|---|
CIM | 4.3, 4.2, 4.1, 4.0 |
Platforms | Platform independent |
Vendor Products | Microsoft Forefront Threat Management Gateway 2010 and Microsoft Internet Security and Acceleration Server (ISA Server) |
Lookup file changes | Added microsoft_forefront_tmg_actions.csv |
Add-on for Microsoft Forefront Threat Management Gateway includes the following new features:
Version 1.0.2 of the Add-on for Microsoft Forefront Threat Management Gateway fixes the following issues:
Version 1.0.2 of the Add-on for Microsoft Forefront Threat Management Gateway has the following known issues:
Version 1.0.2 of the Add-on for Microsoft Forefront Threat Management Gateway incorporates the following third-party software or libraries.
This app is community supported on a best-effort basis. If you need professional support billed by the hour, please contact the author.
Add-on for Microsoft Forefront Threat Management Gateway supports the following server platforms in the versions supported by Splunk Enterprise:
To function properly, Add-on for Microsoft Forefront Threat Management Gateway requires the following software:
Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Download the Add-on for Microsoft Forefront Threat Management Gateway at https://apps.splunk.com/app/3011/.
To install and configure this app on your supported platform, follow these steps:
Follow these steps to install the app in a single server instance of Splunk Enterprise:
Install to search head
Install to indexers
Install to forwarders
This app must be installed on a Splunk Universal Forwarder running on a Microsoft Windows host with access to the Forefront TMG w3c files.
You may need to tune the logging parameters of your Microsoft Forefront Threat Management Gateway server. For instructions on this please consult the official product documentation.
Follow the same steps as Install to search head.
Follow the same steps as Install to search head.
Unknown
This app provides search-time and index-time knowledge for the following types of data from Microsoft Forefront Threat Management Gateway:
Search-time
These data types support the following Common Information Model data models:
Source Type | CIM Data Models |
---|---|
microsoft:forefront:tmg:proxy | Web |
microsoft:forefront:tmg:fw | Network Traffic |
The Add-on for Microsoft Forefront Threat Management Gateway contains 1 lookup file:
microsoft_forefront_tmg_actions.csv
Maps a vendor action to a CIM compliant action.
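The normalization step described above (reading W3C-format records and mapping the vendor action to a CIM action), sketched as an added example; it is not the add-on's own code. The column names, the sample records and the lookup rows are constructed assumptions, since the page does not show the contents of `microsoft_forefront_tmg_actions.csv`.

```python
import csv
import io

# Constructed stand-in for microsoft_forefront_tmg_actions.csv; the real
# lookup's rows are not shown on this page, so these pairs are assumptions.
ACTIONS_CSV = """vendor_action,action
Allowed,allowed
Denied,blocked
Failed,blocked
Establish,allowed
Terminate,teardown
"""

# Constructed sample in W3C extended log layout: '#' directives, a '#Fields:'
# header naming the columns, tab-separated records, '-' for an empty value.
SAMPLE_LOG = (
    "#Software: constructed sample\n"
    "#Fields: c-ip\tcs-username\tdate\ttime\tr-host\tsc-status\taction\n"
    "10.0.0.5\tCORP\\alice\t2014-06-30\t08:15:02\texample.com\t200\tAllowed\n"
    "10.0.0.9\t-\t2014-06-30\t08:15:07\tblocked.example\t403\tDenied\n"
    "10.0.0.9\t-\t2014-06-30\t08:15:09\texample.org\t502\tQuarantined\n"
)

def load_actions(text):
    """Build a case-insensitive vendor_action -> CIM action map."""
    return {r["vendor_action"].lower(): r["action"]
            for r in csv.DictReader(io.StringIO(text))}

def parse_w3c(text, actions):
    """Yield one dict per record, with a normalized 'cim_action' field."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            # The header can reappear mid-file (e.g. after a restart); re-read it.
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) != len(fields):
                continue  # truncated or malformed record: skip, don't misalign
            rec = {k: (None if v == "-" else v) for k, v in zip(fields, values)}
            # Unmapped vendor actions surface as 'unknown' instead of vanishing.
            rec["cim_action"] = actions.get((rec.get("action") or "").lower(), "unknown")
            yield rec

def blocked_clients(text=SAMPLE_LOG, actions_csv=ACTIONS_CSV):
    """Return sorted client IPs that had at least one blocked request."""
    recs = parse_w3c(text, load_actions(actions_csv))
    return sorted({r["c-ip"] for r in recs if r["cim_action"] == "blocked"})
```

Records whose vendor action has no row in the lookup come out as `unknown`, which makes gaps in the mapping visible in searches rather than silently dropping events from the data model.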