Assign Roles in TMG 2010

Like ISA server 2006, even though you are an administrator of the domain, you still unable to manage the ISA server or TMG. What you need to do is to ask the delegation permission to open the ISA or TMG management console

How to do it?

open TMG properties -> select Assign Roles Tab

and Then Browse the user. For example, Jane

Then choose what role you assign. For example “Forefront TMG Array Administrator”

Then click OK & Apply->Ok.

Click Save Changes.


Web Access Policy in TMG 2010


This is new to me… when I jump from ISA server 2006 to Forefront Threat Managemtn Gateway, I saw a lot of different feature. Then, since I use the TMG as a proxy, this Web Access Policy made me easy to filter unnecassary website that should be blocked in organization.

How to start?

On left pane, you should see web access policy and right click. Then Choose Configure

A web access policy wizard comes out…


Click Next button.

Choose Yes, Create a rule blocking the minimum recommended URL. Then, Click Next.

On Block Web Destination, keep the default.

Then Click Next Button.

For Malware option below I prefer to choose Yes so that it inspects the web content for malware.

At the Https Inspection wizard below:

Click Next.

we need to export a certificate in the TMG server. click Browse on the image below:

type the filename. in example, webaccess.cer.Then click Save. after that, click Next button at the Certificate Deployment.

On the web cache, I enable the web cache like figure above and set the cache to 500MB.

and Click Finish button for completing the wizard.