New version of ISA – FFTMG

By brendon on December 14th, 2009

Well it has been a long time coming but Microsoft have finally released a new version of their awesome Internet Acceleration and Security (ISA) server. The last major upgrade was 2004 and since then the product has become a little long in the tooth. There are several new ways the internet is being used and ISA 2004/2006 in my opinion just couldn’t keep up.

Jump over to http://www.microsoft.com/forefront/threat-management-gateway/en/us/default.aspx and check out the details on Forfront Threat Management Gateway (FFTMG). Building on the new Windows Server 2008 network stack there are several new features that administrators (myself included) have been crying for:

  • Support for dual/ failover internet links. (using a separate fibre service for remote access and publishing plus a DSL2 service for web access.)
  • Publishing (Static NAT) rules apply to both inbound and outbound traffic. (ISA would always NAT outbound connections on default IP address.)
  • Category based Access lists (requires additional licenses) to filter traffic for “Social Networking” or “Known Virus URL’s”.
  • Support in a Hyper-V or ESXi or XenServer virtualised environments.
  • ONLY RUNS on Windows Server 2008 x64 eddition!!!

The old ISA server team blog has been updated to reference TMG now also; there are half a dozen articles available here that may help with deployment considerations.