Configure Forefront TMG 2010 to receive definition update from Windows server update services (WSUS)

Forefront TMG maintains the definitions of known viruses, worms, and other malware. To keep these important definitions up to date, Forefront TMG has built in a centralized mechanism called the Update Centre that allows the administrator to configure the update frequency as well as the automatic update action. The Update Centre can be accessed from the Forefront TMG console.

The following features in TMG rely on signature updates:

Network Inspection System (NIS) Microsoft Update delivers signatures and protocols that help protect the network.

Malware Inspection Microsoft Update delivers Microsoft Antivirus definitions to filter virus-infected files that can be downloaded by the users from the Internet.

Exchange (Anti Spam) Microsoft Update delivers Anti Spam signatures to the

Exchange Anti Spam agent.

Forefront Security for Exchange (FSE) Recipient Update Services deliver definitions to multiple antivirus engines used in FSE.

URL Filtering Updates Microsoft Updates delivers new URL Filtering categories to filter out unwanted sites.

Configuring Windows Server Update Services (WSUS), follow the steps:

1. Log on to WSUS server.

2. Open WSUS Console. In the left hand pan Click Options.

3. Click on Products and Classifications, Products and Classification Window will appear

4. On the Products Tab, scroll down to Forefront. Check Forefront Threat Management Gateway Definition update for HTTP malware Inspection, check Forefront TMG MBE and Forefront TMG definition update for Network Inspection system.

5. Click on Apply and Ok. Close WSUS Console.

To configure Update Centre in Forefront TMG 2010, follow these steps:

1. In the left pane of the TMG management console, click Update Centre.
2. In the right pane, under Tasks, click Configure Settings

3. The Update Centre Properties setting appears, with the Definition Updates tab selected

4. Highlight Malware Inspection and click Configure Selected.
5. The Definition Update Configuration settings appear

6. The default automatic update action is Check For And Install Updates. The other two options available are Only Check For Updates and No Automatic Action. For this example we will leave this at its default and recommended setting.

7. The Automatic polling frequency is set to 15 minutes by default. This is the time
interval in which TMG will poll for new definition updates. This can be increased up to 4 hours.

8. You can also set an alert to be triggered in case no new updates are installed within
a certain number of days. The default value for that is set to 5 days.
9. Click OK to return to the Definition Updates tab under Update Centre Properties
settings.
10. Highlight Network Inspection Service (NIS) and click Configure Selected. Again the Definition Update Configuration settings for NIS appears, which is the same as what we saw for Malware Inspection except for the number of days to trigger an alert (45 days for NIS).
11. Click OK to return to the Definition Updates tab under Update Centre Properties
settings.
12. Click the Microsoft Update tab

13. TMG uses Microsoft Update services to deliver malware updates to TMG. For TMG to receive these updates make sure that the option Use The Microsoft Update Service To Check For Updates is selected.
14. Click Microsoft Update Service to configure the policy configuration for protection mechanism definition updates

15. The option selected by default is Use Machine Default Service But Fallback To Microsoft Update. Here, check use Windows Server Update Services (WSUS).

16. Click Apply and OK to return to the TMG console.

Relevant Articles

Forefront TMG 2010: Publishing Exchange server 2010

Forefront TMG 2010: How to install and configure Forefront TMG 2010 —-Step by step

Forefront TMG 2010: Publish Outlook Web Access and Exchange Servers using Forefront TMG 2010