3

We used ISA Server 2006 as network firewall, router, and VPN server - and I loved ISA server, because it did exactly what it supposed to do, nothing less, nothing more (ok, someting more, e.g. caching). Then we migrated to Forefront TMG, which I ... didn't hate. Now I need to setup new small local network and I can't find/believe that MS doesn't have anything like ISA/TMG, I still think I simply can't find it - what I need is exactly what good old ISA Server (or TMG) did. I don't like to install and use already discontinued product (TMG), but it will probably end up this way. I've read several articles about either non-MS alternatives, or that the best alternative for TMG is ... TMG. Is there some replacement for ISA/TMG from Microsoft (another server product, or maybe feature in WS2012R2?) and I just can't find it, or does MS really abandon this field?

Robert Goldwein
  • 237

3 Answers3

1

There is no Microsoft replacement for ISA Server, Forefront TMG or UAG but there is now an obvious "Microsoft supported" option for publishing websites to the Internet.

You should install the "Web Application Proxy" (WAP) role on a suitably hardened Windows 2016 server that's connected to the internet and use this to publish your Exchange, Sharepoint and other Microsoft-specific services. It is designed to integrate with ADFS to enable Single-Sign On for all sites published via the WAP, can redirect attempts to connect via HTTP to HTTPS painlessly (this was an issue with the Windows 2012R2 WAP IIRC, which is why I suggest the 2016 version).

We've managed to retire a UAG server that had a number of sites published by moving them all to be published via WAP.

Rob Moir
  • 32,154
0

you can use Sophos UTM 9 network firewall including web browsing protection, AntiSpam filter and antivirus protection.

Sophos UTM helps you consolidate your security without compromising its effectiveness. By combining multiple security layers, it’s simple to protect your users everywhere while making security easier to deploy and manage.

you can donwload trial Version from here

AminM
  • 183
  • 2
  • 14
0

Officially there is no Microsoft Solution to replace Forefront TMG.

If you need a reverse proxy, you can use products like BigIP by F5, Barracuda WAF, Citrix Netscaler, NGNIX... Microsoft Web App Proxy (available in Windows Server 2012 and >) is an option but has very limited features and can't be compare with specialized solutions.

Same answer for VPN site to site gateway or Point to site gateway : Windows Server includes these features but with less options than a specialized solution from Cisco, Juniper...

Regards.

Stanislas

Stanislas Quastana Pro
  • 634
  • 3
  • 4