Forefront TMG has built-in capabilities to work as an anti-spam, antivirus and content filter for e-mail protection. TMG 2010 works hand in hand with Forefront Protection 2010 and the Exchange Edge Transport server to provide mail relay, anti-spam and antivirus protection. These two technologies include a variety of anti-spam and antivirus features that are designed to work together to reduce the spam that enters and exits an organization. When deploying the e-mail protection feature in Forefront TMG, install the Exchange Edge Transport role and Forefront Protection for Exchange Server on the Forefront TMG computer. Forefront technologies provide layers of protection for Exchange messaging technologies.
Protection on the Edge: Provides complete inspection and scanning of all e-mail entering and leaving the organisation.
Integrated: Forefront TMG, Forefront Protection and Edge Transport are integrated (installed) at a single point.
Extended management: The TMG Enterprise version works in a management array, so you can install and manage more than one TMG server.
Network Load Balancing (NLB): Using NLB and a virtual IP address, you can deploy an array of Forefront TMG firewall servers at the entry point of your organisation, so that every e-mail entering your organisation is processed. By deploying multiple Forefront TMG servers, each running the Exchange Edge Transport role and Forefront Protection, you can more easily keep a vital messaging technology highly available (HA) and protected.
Configuring the Mail Exchanger (MX) record: The MX record is registered with the ISP and points to the external IP address of the TMG server.
To install the Exchange Server Edge Transport role:
Run the Exchange Server Setup.exe file, and follow the steps in the Exchange Server Setup Wizard, including the installation of all the prerequisites.
On the Installation Type page, click Custom Exchange Server Installation.
On the Server Role Selection page, select Edge Transport Role, and click Next. On the Readiness Checks page, view the status to determine if the organization and server role prerequisite checks completed successfully. Then, click Install to install Exchange.
On the Completion page, click Finish.
For more information about Edge Transport and FPES, see Step by Step Guide on Exchange Server 2010 Edge Transport Role and Forefront Protection 2010: how to install and configure Forefront Protection 2010 for Exchange Server 2010—Step by step.
To configure E-Mail protection, log on to the TMG server as an administrator. Open the TMG Management console > click E-Mail Protection > enable the entire protection system on the E-Mail Policy tab.
Click the Spam Filtering tab > click Enable on IP Allowed List > add all internal IP addresses in your network.
Once finished, click Apply and OK.
Click Enabled on Sender Reputation > select Enabled on the General tab. On the Thresholds tab, select reputation ratings starting from 0 to 9. Click Apply and OK.
Click Enable on Content Filtering. On the General tab, select Enabled. On the Custom Words tab, add whatever content you want to block. You can also add exceptions on the Exception tab. Click the SCL Thresholds tab > select the desired options, such as blocking or quarantining e-mail based on reputation ratings.
Click Apply and OK once finished.
In the Sender Filtering option, you can block senders based on domain name. The domain name must be added in www format.
Click Enabled on the File Filter. Click the File Filter tab > click the Add button. Check Enable this filter and select the type of action from the drop-down list. Purge will remove the content and deliver the e-mail only. Delete will delete the message with the contents. On the File Types tab, select the preferred file types. You can add custom file types from the File Name tab.
In the Antivirus configuration, select the desired antivirus engine (that is, the antivirus you have installed on the TMG server), the preferred remediation method, and the actions TMG will take if it finds a virus.
Once all the configuration is finished, apply the changes and click Finish.
Important! Don't forget to back up the TMG server after making changes.
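Once the policy has been applied, the settings made above can be read back from the Edge Transport role installed on the same computer. The following PowerShell is an added example, not part of the original article. It only reads configuration with standard Exchange 2010 cmdlets and assumes it is run on the TMG computer with the Exchange 2010 management tools installed; the findings it reports are this example's own checks.

```powershell
# Added example (not from the original article): read-only review of the
# Edge Transport anti-spam settings after the TMG E-Mail Policy is applied.
# Assumption: run on the TMG computer; the snap-in name is the Exchange 2010 one.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue

$findings = @()

# Transport agents that are installed but not enabled.
Get-TransportAgent | Where-Object { -not $_.Enabled } | ForEach-Object {
    $findings += "Transport agent disabled: $($_.Identity)"
}

# IP Allow List: mail from these addresses skips the other anti-spam agents,
# so print every entry and confirm it contains only your internal ranges.
$allow = @(Get-IPAllowListEntry)
if ($allow.Count -eq 0) { $findings += 'IP Allow List is empty' }
$allow | Format-Table IPRange, ExpirationTime -AutoSize | Out-Host

# Sender reputation: blocking must be on for the threshold to take effect.
$sr = Get-SenderReputationConfig
if (-not $sr.Enabled)               { $findings += 'Sender reputation disabled' }
if (-not $sr.SenderBlockingEnabled) { $findings += 'Sender blocking disabled' }

# Content filter: SCL thresholds and the quarantine mailbox.
$cf = Get-ContentFilterConfig
if (-not $cf.Enabled) { $findings += 'Content filtering disabled' }
if ($cf.SCLQuarantineEnabled -and -not $cf.QuarantineMailbox) {
    $findings += 'Quarantine enabled but no quarantine mailbox is set'
}
if ($cf.SCLDeleteEnabled -and $cf.SCLRejectEnabled -and
    $cf.SCLDeleteThreshold -le $cf.SCLRejectThreshold) {
    $findings += 'SCL delete threshold is not above the reject threshold'
}

# Sender filter: show the blocked domains exactly as Exchange stored them.
$sf = Get-SenderFilterConfig
if (-not $sf.Enabled) { $findings += 'Sender filtering disabled' }
$sf | Format-List BlockedDomains, BlockedDomainsAndSubdomains | Out-Host

"SRL block threshold: $($sr.SrlBlockThreshold)"
"SCL delete/reject/quarantine: $($cf.SCLDeleteThreshold)/$($cf.SCLRejectThreshold)/$($cf.SCLQuarantineThreshold)"
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings.' }
```

Treat the output as a review aid only and make any corrections in the TMG Management console, as in the steps above.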
Definition and Engine Update: To keep your systems protected from the latest threats, verify that Forefront TMG has connectivity to the selected update source, Microsoft Update or Windows Server Update Services (WSUS), and that automatic installation of the latest signatures is enabled. For more information, see Install and configure WSUS 3.0 SP2 – Step-By-Step and Configure Forefront TMG 2010 to receive definition update from Windows server update services (WSUS).