Forefront TMG 2010: The Getting Started Wizard
Once you have a successful installation of Forefront TMG 2010, and when the Management Console of TMG is launched, you will have a new wizard opened on a separate page, called the Getting Started Wizard. In this article, we will introduce to you the Getting Started Wizard and what it is used for and how you can open it again later at any time.
When the TMG 2010 Management Console is opened, the first thing you will notice is the Getting Started Wizard. It is used to configure or modify initial deployment settings.
The Getting Started Wizard is compromised of three sub-wizards:
The Configure network settings wizard: is used to select a network template and to configure the network adapters on the TMG server
The Configure system settings wizard: is used to configure the TMG server name and membership to a workgroup or a domain.
The Define deployment options wizard: is used to configure NIS and Web protection, and if you want to join customer feedback program.
The first available wizard is the Configure network settings, as you can see, the other two wizards are grayed. Once you complete the first wizard, then the Configure system settings wizard will become enabled and again once you are done with this wizard, the Define deployment options wizard gets enabled and you can then start working with it.
Note that if you want to run the Getting Started Wizard again at any time, you can run the wizard by clicking on Forefront TMG (Computer_Name) node from the left pane, then click the Tasks tab (right pane ) and then click Launch Getting Started Wizard.
Let's start with the first available wizard, which is the Configure network setting wizard. Click it.
- The Configure network settings wizard: Is used to select a network template and to configure the network adapters on the TMG server
On the Welcome to the Network Setup Wizard page, click Next
On the Network Template Selection page, select the network template that represents your TMG server role and then click Next
For example, my TMG server will be on the edge, it has two network adapters, one connected to the Internal Network and the other connected to the External Network, so the best template that fits my topology is the Edge firewall network template.
In my case, the Wizard has detected that my server only has two network adapters, so it grayed out the 3-Leg perimeter network template.
**
Here is a small brief of the Network templates:**- Edge Firewall: Used when your TMG Server is placed on the edge, and it has two network adapters, one connected to your LAN and one connected to your DSL router.
- 3-Leg perimeter : Used to configure TMG with three Networks, an Internal Network, a DMZ Network and an External Network.
- Back firewall: Used when TMG Server is not placed on the edge of your Network, that is there is another firewall in front of the TMG firewall.
- Single network adapter : Used when TMG is installed with a single NIC, and it is used as a proxy server, supporting HTTP, HTTPS and FTP protocols.
On the Local Area Network (LAN) Settings page, from the drop-down list, select the adapter for your Internal Network. In my server, we have already named and configured my server adapters. The Internal Network adapter is called LOCAL.
If your network adapter is already configured, then it will display its configuration, else enter the IP address, subnet mask and DNS server. Also if you need to add any routes, then click on the Add... button, type it and click OK.
Make sure that you do not set any Default gateway on the Internal Network adapter.
Once you are done with configuring your adapter, click Next
On the Internet Settings page, the wizard will automatically select the other adapter as your External adapter, this is because we have selected the Edge Firewall Template with two Network Adapters. If you haven't previously configured this adapter prior to installing TMG, then either select to obtain an IP address automatically or configure this adapter by entering its IP, subnet mask, Default gateway. Then click Next
Do not put any DNS entry on the External Network adapter. DNS should only be configured on the Internal Network adapter.
On the Completing the Network Setup Wizard page, review the settings and then click Finish. If you need to change anything, then click the Back button and apply the changes and then come back to this page and then click Finish.
Once you click the Finish button, your will get back to the Getting Started Wizard, and now you can start with the Configure system settings wizard, not grayed anymore as we have completed the Configure network settings wizard. Click it.
- The Configure system settings wizard: Is used to configure the TMG server name and membership to a workgroup or a domain.
On the Welcome to the System Configuration Wizard, click Next
On the Host Identification page, you can set the computer name and workgroup or domain membership. If you need to change either the computer name or the membership, then click the Change button that corresponds to the setting that you need to change, type the new settings and then click OK. If no changes are required, then click Next
On the Completing the System Configuration Wizard page, click Finish.
You will get back to the Getting Started Wizard, and this time you can start working with the Define deployment options wizard, click it.
- The Define deployment options wizard: Is used to configure NIS and Web protection, and if you want to join customer feedback program.
On the Welcome to the Deployment Wizard page, click Next
On the Microsoft Setup Page, its recommended to select the option Use the Microsoft Update service to check for updates, this will ensure that the Forefront protection mechanism is kept up to date. Once selected then click Next
Note that if you are using WSUS server to update your TMG server, then the setting on this page is not applied, however, if later you stopped using WSUS to update your TMG server, then the settings on this page are applied.
On the Forefront TMG Protection Features Settings page, select from the drop-down list the license type for both the NIS and the Web Protection features.
You can even disable any or both of these features using the drop-down list.
You can even Enable URL Filtering in this page by selecting its checkbox and then click Next.
If you have enabled NIS in the previous page, then you will see the NIS Signature Update Setting page, if you previously disabled NIS, then you will go to the Customer Feedback page (step 5).
In the NIS Signature Update Setting page, you can configure how NIS will check for definition update and the polling intervals. It's better to keep the default options as they are the recommended ones. Click Next
On the Customer Feedback page, select whether you wish to participate anonymously in the customer feedback program or not and then click Next
We highly recommend you enable this option, as it allows Microsoft to find out how you use the TMG firewall and gets information about the hardware configuration. This information helps Microsoft improving TMG Server.
On the Microsoft Telemetry Reporting Service page, if you wish to participate, then select the level of participation. Else Select None. When you are done with your selection, click on Next
**
**Again, we highly recommend participating and selecting the Advanced level, doing so, you will be providing Microsoft with information about malware and other attacks on your network. This would make Microsoft improve the NIS, web protecting features.On the Completing the Deployment Wizard page, review your configuration and then click Finish.
You will be taken back again to the Getting Started Wizard. Now that you have successfully completed all the steps of the Getting Started Wizard, you will notice that there is a new wizard if you wish to run, which is the Web Access wizard. If you kept the checkbox selected and clicked the Close button, the Web Access wizard will be launched. If you removed the selection from inside the checkbox and clicked the close button, you will get back to the Forefront TMG management console.
Will discuss the Web Access Policy Wizard in a future article.
Summary
The Getting Started Wizard is a new feature introduced with TMG 2010. It has three different wizards that are used to help administrators configure their TMG Servers.
[ This article is posted at ElMajdal.Net website: http://social.technet.microsoft.com/wiki/contents/articles/exploring-new-features-in-forefront-tmg-2010-the-getting-started-wizard.aspx ]