Configure Malware Inspection, NIS and URL Filter in Forefront TMG 2010

Log on to the Forefront TMG server as an administrator. Click Start > All Programs > Forefront TMG Management console, expand Forefront Server, click Web Access Policy, then on the right-hand side click the Task Pane and scroll down to Web Protection Tasks. Under Web Protection Tasks you will find Configure Malware Inspection, Configure HTTPS Inspection, Configure URL Filtering and Configure URL Category. Follow the steps below to define these policies.

Enabling Per-Rule Malware Inspection

1. On the Forefront TMG Management Console, click Web Access Policy.

2. Select the access rule that you want to change, right-click it, and choose Properties

3. Click the Malware Inspection tab. Check Inspect content download from web server and Force Full Content Request.

4. Click Apply and then OK. Apply the changes.

Testing Internet Access with Malware Inspection

1. Click Forefront TMG (Array Name) in the left pane.

2. Click the Logs & Reports node in the left pane and then click Edit Filter in the Task Pane

3. In the Filter By drop-down list, select Client IP.

4. In the Condition drop-down list, select Equals.

5. In the Value field, enter the IP address of the test client, such as

6. Click Add To List and then click Start Query.

7. At a test client workstation, launch Internet Explorer and open the Web site

8. Click the file called in the download area for HTTP Protocol. The user will receive the notification from TMG

9. In TMG Logging you can see that the file was blocked, along with details about the reason why it was blocked.
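
The same Client IP filter can be repeated outside the console on a log that has been exported as text. This is an added example, not part of the original article or of TMG itself: it assumes a tab-delimited, W3C-style export with a #Fields header, and the column names and rows in SAMPLE_LOG are constructed, so match them to the header of your own export.

```python
# Added example: filter an exported proxy log the way the Edit Filter steps do.
# SAMPLE_LOG is constructed; its column names are assumptions, not TMG's schema.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample for this example",
    "#Fields: c-ip\tcs-uri\trule\taction\tmalware-result\tthreat-name",
    "192.0.2.10\thttp://files.example.test/setup.exe\tAllow Web Access\tAllowed\tClean\t-",
    "192.0.2.10\thttp://files.example.test/sample.zip\tAllow Web Access\tDenied\tInfected\tConstructed.Test.Threat",
    "192.0.2.10\thttp://media.example.test/\tBlocked Web Destinations\tDenied\t-\t-",
    "192.0.2.99\thttp://files.example.test/sample.zip\tAllow Web Access\tDenied\tInfected\tConstructed.Test.Threat",
    "192.0.2.10\thttp://truncated.example.test/",  # damaged row, too few columns
])


def parse_w3c(text):
    """Return (records, skipped): dicts keyed by the #Fields names, plus a
    count of rows whose column count does not match the header."""
    fields, records, skipped = None, [], 0
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # names contain no spaces
        elif not line.strip() or line.startswith("#"):
            continue                                 # other directives, blanks
        elif fields is None:
            raise ValueError("data row found before a #Fields directive")
        else:
            values = line.split("\t")                # values may contain spaces
            if len(values) == len(fields):
                records.append(dict(zip(fields, values)))
            else:
                skipped += 1
    return records, skipped


def blocked_for_client(text, client_ip, ip_col="c-ip", action_col="action",
                       denied_value="Denied"):
    """Client IP 'Equals' filter, narrowed to requests that were denied."""
    records, skipped = parse_w3c(text)
    hits = [r for r in records
            if r.get(ip_col) == client_ip and r.get(action_col) == denied_value]
    return hits, skipped


if __name__ == "__main__":
    hits, skipped = blocked_for_client(SAMPLE_LOG, "192.0.2.10")
    for r in hits:
        print(r["cs-uri"], "|", r["rule"], "|", r["malware-result"], r["threat-name"])
    print("rows skipped as malformed:", skipped)
```

A non-zero skipped count means some rows did not match the header and were left out of the result, so an empty result on a damaged export is not proof that nothing was blocked.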

Configuring URL Filtering

1. In the left pane of the TMG management console, select Web Access Policy.

2. In the right pane, click Configure URL Filtering.

3. To enable URL Filtering globally, on the General tab of the URL Filtering Settings dialog box, select Enable URL Filtering

4. In the URL Filtering Settings dialog box, click the URL Category Override tab. Note that by default this list is empty.

5. Click OK to close the URL Filtering Settings dialog box.

6. In the right pane of the TMG management console, click the Toolbox tab.

7. In the Toolbox, click New and then click URL Category Set

8. On the Welcome To The New URL Category Set Wizard page, type Blocked Categories and click Next.

9. On the URL Category Selection page, do the following:

· Select Includes All Selected URL Categories.

· In the URL Category list, select Dating / Personals, Media Sharing, and Web Phone

10. On the Completing The New URL Category Set Wizard summary page, verify that the configuration agrees with that described by the Security team and click Finish.

Per-Rule URL Filtering Configuration

1. In the TMG management console centre pane, double-click the Blocked Web Destinations deny rule.

2. In the Blocked Web Destinations Properties dialog box, click the To tab, and then click Add.

3. In the Add Network Entities dialog box, expand URL Category Sets, select Blocked Categories, click Add, and then click Close.

4. In the Blocked Web Destination properties dialog box, verify that the destinations list appears as shown

5. Click the Action tab.

6. In the Denied URL Request Action section, do the following:

· Select Display Denial Notification To User.

· Type Access to this site is blocked by Security Team in the Add Custom Text Or HTML To Notification Text field.

· Select Add Denied Request Category To Notification.

7. Click OK to close the Blocked Web Destinations Properties dialog box.

8. In the TMG management console centre pane, click Apply to enforce the rule changes. When prompted by Change Control, enter a description of your actions and click Apply.

Testing URL Filtering

At any client served by TMG, open a browser and type in the address bar. Notice that the request denial page includes the message “Access to this site is blocked by Security Team” you specified in step 6 of Per-Rule URL Filtering Configuration.

Network Inspection System (NIS)

1. In the left pane of the TMG management console, select Intrusion Prevention System

2. In the middle pane, select Network Inspection System and click Enable. The NIS properties dialog box appears.

3. Click the General tab and check Enable NIS.

4. Click the Exceptions tab, select Site Exempt from NIS, click the Add button and add the desired sites. Click the Add button again to add a Network Set such as Internal Network.

5. Click the Definition tab. You may keep the default settings or choose your desired settings.

6. Click the Protocol Anomalies Policy tab and click Allow to avoid blocking legitimate sites.

7. Apply the changes and click OK.

8. Click the Behavioural Intrusion Detection tab and enable all of the Common behavioural intrusion detection check boxes.

9. Apply the changes and click OK.

Important! In the NIS Tasks, you can add desired policies or accept Microsoft Default Policies. You can also define exception rules in NIS.

Generating Malware, NIS and URL filter report

1. Click Logs & Reports in the TMG console, click the Reporting tab, and then click Create One-Time Report under Tasks in the right pane

2. The One-Time Report Wizard launches. Enter a name for the report and click Next.

3. On the Report Period page, you can specify the start time and end time for data collection to be shown in the report. The start and end times can be based on a day or a month. Because reports are based on the previous day, the date needs to be prior to the current date. After selecting the start and end dates, click Next.

4. On the Report Content page, you can select the content to be included in the report. Check one or more of the boxes Malware Protection, URL Filtering, Network Inspection System and Security (for example, only Malware Protection if you want only malware statistics) and click Next.

5. On the Send E-Mail Notification page, you can configure TMG to send e-mail notification for completed reports. After filling in the relevant fields, click Next.

6. On the Report Publishing page, the administrator can choose to publish the report to a central directory, either on the same TMG server or on a different, remote server. After filling in the relevant fields, click Next.

7. On the Completing the One-Time Report Wizard page, you are notified that you have successfully completed the One-Time Report Wizard. You can also view a brief summary of the report’s configuration. Click Finish.

8. The report now appears under the Reporting tab with the information that you just configured. Click Apply to process the report.

9. Click Logs & Reports in the TMG console and then click Create Recurring Report Job under Tasks in the right pane. Follow similar steps and add schedules to run the report.

Relevant Articles

Forefront TMG 2010: How to install and configure Forefront TMG 2010 - Step by step

Forefront TMG 2010: Publishing Exchange server 2010

Forefront TMG 2010: Publish Outlook Web Access and Exchange Servers using Forefront TMG 2010


About Raihan Al-Beruni

My Name is Raihan Al-Beruni. I am working as an Infrastructure Architect in Data Center Technologies in Perth, Western Australia. I have been working on Microsoft technologies for more than 15 years. Other than Microsoft technologies I also work on Citrix validated solution and VMware data center virtualization technologies. I have a Masters degree in E-Commerce. I am certified in Microsoft, VMware, ITIL and EMC. My core focus is on cloud technologies. In my blog I share my knowledge and experience to enrich information technology community as a whole. I hope my contribution through this blog will help someone who wants more information on data center technologies.

One Response to Configure Malware Inspection, NIS and URL Filter in Forefront TMG 2010

  1. abhishek says:

    Hi Raihan

    I need your help. I'm using Forefront TMG 2010.
    I want to block downloading from all sites but allow some exception sites, so please help me.

    I configured malware inspection (Web Protection Tasks) under the Web Access Policy tab.
    This setting was working, but it also blocks my exception site.

