Book Review: Deploying Microsoft Forefront Threat Management Gateway 2010

Forefront Threat Management gateway has come a long way since the days of “Proxy Server 2.0″. With the recent crop of “Next Generation Firewalls” performing deep packet inspection on the application level, Microsoft needed to bolster their argument that a software-based firewall could perform at the level of their hardware-based competitors.

In “Deploying Microsoft Forefront Threat Management Gateway 2010“, Authors Yuri Diogenes and Dr. Thomas W. Shinder lay out the required steps to getting this newly updated software installed in either a single server or highly available array setup. The tone of the book isn’t super-breezy, but it’s light enough to encourage would-be administrators from spinning up virtual machines to test TMG2010 out. All the major features and negatives of the product are reviewed, including some of the fierce comments from network admins reluctant to place a Windows domain-joined machine on the edge of a network.

The book doesn’t muddy the distinction between TMG and sister product Forefront UAG, but the fact that there are still two distinct software firewall products Microsoft recommends (one for publishing internal applications and DirectAccess, the other for securing internal network resources) is a tough sell for many environments, especially those that already have a hardware based firewall that is performing well.

Because the book is narrowly scoped to deployment, it doesn’t include much in the way of day-to-day administration guidance. Although I’d like to see that guidance, I found its exclusion fine, so long as MS Press releases a follow up covering that information. (The previous administrator’s companion book for Forefront TMG clocked in at over 1000 pages, which was barely manageable to read on a Kindle, let alone in print version). Overall, for new system admins looking to test out Microsoft’s latest firewall, the book was short but solidly researched and well written.