Microsoft Threat Management Gateway 2010 brings a lot of new and enhanced features to edge network security. Ever since Microsoft started with Proxy Server 2.0, and then ISA Server, URL filtering has always been something which administrators have wanted. Every company has their own IT policies and most companies want to restrict their users from visiting inappropriate or unsafe websites during their office hours from company-owned machines.
In our previous post at http://www.nappliance.com/blog/nappliance-nuag-and-directaccess-better-together we highlighted how UAG and DirectAccess are better together and the benefits of connecting through the DirectAccess. In this post we will concentrate on the advantages DirectAccess has over the traditional VPN connectivity and why companies would want to move away from the VPN infrastructure.
When trying to activate the configuration on a UAG server, you might find that the activation failed and you can see the following error messages in the status window:
A client that is trying to access an SSL enabled application on a backend server (e.g. Exchange) that is published through the Forefront UAG portal gets an error, specifically:
“An unknown error occurred while processing the certificate. Contact the site administrator”.
Microsoft UAG 2010 can be integrated with Windows NAP (Network Access Protection) to make sure that the computers comply with the IT policies before user’s login into the UAG portal. Windows Network Access Protection is part of Windows 2008 and 2008 R2 servers. No extra hardware or licensing is required to implement Microsoft NAP in an environment. Moreover, there are simple settings in UAG for integrating NAP to do policy enforcement.
When you install an update for Microsoft Forefront UAG, it does not appear under the Windows control panel > Add/Remove programs. So, If you have to remove it for some reason then how do you remove an update? Well, UAG has an in-built script to remove the previously installed updates. The script is located at
Open the Microsoft Threat Management Console and right click on the Firewall Policy and select "Non-web Server Protocol Publishing Rule". A new server publishing rule wizard will appear. Give a name for the publishing rule and click next.
After a long wait finally someone is putting together something on UAG. A Microsoft employee named Ben Ari is writing a book on Microsoft Forefront UAG. It’s pretty interesting to me because I have worked with Ben Ari on few technical issues both inside and outside Microsoft.
