
One of the hallmarks of Forefront Threat Management Gateway (TMG) 2010 is the graphical user interface (GUI) management console.

The TMG GUI is intuitive and discoverable, making administration of configuration settings and firewall policy much easier than with many of its competitors.

The TMG GUI management console is installed along with TMG services, and can optionally be installed on a separate management workstation if desired. TMG also provides a rich and robust API, which is accessible via the Component Object Model (COM). Through this API it is possible to view and modify any configuration setting in TMG. In fact, that is essentially what happens under the covers when an administrator makes changes in the GUI. Interestingly, there are a number of important configuration changes that are not accessible via the GUI, and can only be viewed or changed programmatically.

SSL Tunnel Port Range

Arguably this is the most common setting on the TMG firewall that is not available via the GUI. Forefront TMG is configured, by default, to inspect all HTTP communication and to ensure that it is valid and RFC compliant. An exception has to be made for SSL and TLS protected HTTP communication because, by default, the TMG firewall is unable to inspect this traffic. TMG handles encrypted HTTP traffic fundamentally differently than it does regular HTTP traffic. With standard HTTP, the TMG firewall terminates the session and, with all of the communication in the clear, it is capable of performing application layer traffic inspection. With SSL and TLS, application layer data is encrypted, so the TMG firewall tunnels this traffic to the destination instead of terminating and inspecting it. As a security precaution, TMG is configured only to allow uninspected SSL and TLS traffic on TCP ports 443 and 562 by default. If you have an application that communicates using SSL or TLS on a different port, you must explicitly configure TMG to allow this traffic. This setting is not in the GUI, and is only available via COM. More details about managing TMG tunnel port ranges, along with the VBScript code to view, update, and delete SSL tunnel port ranges can be found here.
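
Because every added tunnel port range widens the set of ports on which TMG passes encrypted traffic uninspected, it is worth auditing the list periodically. The following PowerShell script is an added example, not code from the original article or from Microsoft: it reads the tunnel port ranges through the COM API and flags any range that is not on an approved list or that spans more ports than expected. It assumes an elevated session on a host where the `FPC.Root` COM class is registered; `$Approved` and `$MaxSpan` are hypothetical parameters with constructed default values.

```powershell
# Added example: read-only audit of TMG SSL tunnel port ranges via COM.
# Assumption: elevated session on a host where FPC.Root is registered.
# $Approved holds constructed placeholder values ("low-high"); replace them
# with the ranges recorded for your own deployment.
param(
    [string[]]$Approved = @('443-443'),
    [int]$MaxSpan = 1   # widest range, in ports, accepted without review
)

# Walk from the root object to the array's web proxy tunnel port ranges.
$root   = New-Object -ComObject FPC.Root
$array  = $root.GetContainingArray()
$ranges = $array.ArrayPolicy.WebProxy.TunnelPortRanges

$report = foreach ($r in $ranges) {
    $low  = [int]$r.TunnelLowPort
    $high = [int]$r.TunnelHighPort
    $span = $high - $low + 1

    $findings = @()
    if ($Approved -notcontains "$low-$high") {
        $findings += 'not in approved baseline'
    }
    if ($span -gt $MaxSpan) {
        $findings += "wide range ($span ports)"
    }

    [pscustomobject]@{
        Name     = $r.Name
        Low      = $low
        High     = $high
        Findings = ($findings -join '; ')
    }
}

$report | Sort-Object Low | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring job alert on drift.
$drift = @($report | Where-Object { $_.Findings })
if ($drift.Count -gt 0) {
    Write-Warning "$($drift.Count) tunnel port range(s) need review."
    exit 1
}
```

The script never calls `Save`, so it cannot change the firewall configuration.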
