Winfrasoft TMG 2010 Deployment Manual

© 2006-2014 Winfrasoft Corporation. All rights reserved. This publication is for informational purposes only. Winfrasoft makes no warranties, express or implied, in this summary. Winfrasoft and Winfrasoft Gateway Appliance are trademarks of Winfrasoft Corporation. All other trademarks are property of their respective owners.
Quick Deployment Guide
TMG 2010 Gateway Appliance
Quick Start Guide
Winfrasoft Gateway Appliance running Microsoft Forefront TMG 2010
Published: December 2014
Applies to: Winfrasoft Gateway Appliance
Web site: http://www.winfrasoft.com
Email: support@winfrasoft.com
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organisation, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user.
Winfrasoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written licence agreement from Winfrasoft, the furnishing of this document does not give you any licence to these patents, trademarks, copyrights, or other intellectual property.
Microsoft Active Directory, Microsoft Forefront, TMG 2010, UAG 2010, Windows and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Table of Contents
INTRODUCTION
  APPLIANCE USB STICK / DVD
  DEPLOYMENT OVERVIEW
  DEFAULT LOGIN DETAILS
DEPLOYING THE APPLIANCE
  CONNECTING THE NETWORK CABLES
  FIRST BOOT UP
  REGIONAL SETTINGS AND LICENSING
  FINALISING THE CONFIGURATION
TMG 2010 CONFIGURATION
FACTORY RESET
Introduction
The Winfrasoft appliance is factory prepared to provide a fast and consistent setup process. This quick start guide is designed to help you with the initial setup process. It is highly recommended that you follow all of the instructions in this document.
The appliance includes various wizards to aid the deployment process by assisting with network adapter configuration, Microsoft Forefront TMG rule creation and Microsoft Forefront TMG 2010 setup.
Appliance USB Stick / DVD
The appliance is accompanied by a bootable USB stick / DVD which can be used to:
(1) Factory reset the appliance
(2) Restore a network based backup image (not covered in this guide)
Deployment Overview
After completing this simple process you will have a functional appliance:
(1) Complete the Winfrasoft Network Configuration Sheet for this appliance.
(2) Unpack and rack the appliance.
(3) Connect the appliance cables EXCEPT the Ethernet cables.
(4) Power up the appliance.
(5) Run through the appliance configuration wizards, connecting the network cables as you go.
(6) You're done!
Default Login Details
The default login credentials for all Winfrasoft Appliances are as follows:
Username: Administrator
Password: Pa55w0rd
Important: Change the password as soon as possible!
Note
The password contains the digit zero (0), not the capital letter O. The password is case sensitive and starts with a capital P. This is to comply with Windows password complexity requirements.
Deploying the appliance
Connecting the Network Cables
As there are various models of Winfrasoft Appliances with varying hardware types, the number of network cards will vary and the physical ports are not labeled on the back of the appliance.
Appliance Ethernet ports are used as follows, depending on the total number of NICs:
External Connection
Internal Connection
DMZ1 / Heartbeat Connection
DMZ2 Connection
DMZ3 Connection
Etc.
To work out which physical Ethernet port is which, use the Winfrasoft Appliance Configuration Wizard, which updates the status of each NIC when you plug in a cable. When the wizard is displaying the External Connection, simply plug a cable into any available Ethernet port. If the NIC status doesn’t change to Connected after a few seconds, move the cable to the next port until it does connect. Repeat this process for each network connection until all required cables are connected.
Note
Typically, on appliances with NICs located on the motherboard, those NICs are the Internal and External ports.
First boot up
Important: Do not connect the network cables yet!
The Winfrasoft Appliance Configuration Wizard will start automatically on first bootup while completing the Windows setup. The wizard helps you to configure various things on your Winfrasoft Appliance, including the network adapters' TCP/IP settings and the computer name.
(1) Click Next to continue.
Action
Connect the Ethernet cable for your External network. Ensure that the onscreen image shows that the adapter is connected.
(2) If your External Network adapter will receive its IP address from a DHCP server, select Obtain an IP address automatically. If your network adapter has a static IP address (recommended), enter the IP address, Subnet mask and Default Gateway in the appropriate areas. Click Next to continue.
(3) If your Internal Network adapter will receive its IP address from a DHCP server, select Obtain an IP address automatically. If your Internal network adapter has a static IP address (recommended), enter the IP address, Subnet mask and Default Gateway in the appropriate areas. Click Next to continue.
Note
If your Winfrasoft Appliance is designed to operate with only 1 network adapter, select Do not configure an External Network Connection.
Action
Connect the Ethernet cable for your Internal network. Ensure that the onscreen image shows that the adapter is connected.
Action
Connect the Ethernet cable for your DMZ network. Ensure that the onscreen image shows that the adapter is connected.
(4) If your Winfrasoft appliance needs to connect to a DMZ, then configure the DMZ connection settings. If your adapter will receive its IP address from a DHCP server, select Obtain an IP address automatically. If your DMZ network adapter has a static IP address (recommended), enter the IP address and Subnet mask in the appropriate areas.
If your appliance does not connect to a DMZ, select Do not configure DMZ 1 Network Connection. If this adapter connects to a Heartbeat network, select Configure as a Heartbeat Network. Click Next to continue.
Note
The DNS Server address fields will be disabled if you have selected to use DHCP on your internal network adapter.
When statically assigning DNS servers, the Alternate DNS server field is optional.
Note
If your Winfrasoft Appliance contains more than three network adapters you will also be asked if you would like to configure additional DMZ/Perimeter networks.
(5) If you plan to use the DNS Server service on the appliance to benefit from DNS caching and conditional forwarding, select Local DNS Service with Root Hints and DNS cache. If you plan to use a remote DNS server only, select the Use the following remote DNS Servers option and enter the IP addresses of the primary and alternate remote DNS servers. Select the Network adapter to bind the DNS setting to. Click Next to continue.
(6) If you plan to change the name of your TMG appliance, select Change the computer name and enter the new name for the appliance. Click Next to continue.
Note
Microsoft ONLY supports changing the computer name after TMG has been configured by using the TMG Getting Started Wizard and not the Windows computer name change option.
The TMG appliance will need a reboot when the name of the device changes.
(7) Apply the configuration changes. Click Next to continue.
(8) Click Next to continue.
(9) If the computer name was changed, click Restart to restart the appliance. After the reboot, setup will automatically continue. If the computer name was not changed, an extra reboot is not required and setup will continue with the remaining steps.
When complete, the appliance will restart.
Regional Settings and Licensing
After the restart Windows Setup will ask a few final questions.
(1) Configure the regional settings for the appliance. Click Next to continue.
(2) Enter your Windows Product Key.
For a physical appliance the product key is located on the OEM sticker supplied with the Winfrasoft Appliance. For a Virtual Machine a Volume Licence key is required which is not supplied by Winfrasoft. Select Automatically activate Windows when I’m online to activate your copy of Windows. Click Next to continue.
(3) Read the Microsoft and Winfrasoft License terms and select I accept the license terms for both sections. Click Start to continue. After Windows Setup completes, the Appliance will restart one last time.
Note
If evaluating the appliance, simply leave the Product Key empty to run a 30 day trial.
Finalising the configuration
After the final restart the Winfrasoft Appliance Configuration Wizard will automatically resume. You can step back to previous configuration options if required; however, you can no longer change the computer name.
(1) Winfrasoft Appliances include the ability to create self-signed X.509 SSL digital certificates. These certificates can be used for testing purposes or to allow for setup while production certificates are pending approval. Enter the DNS name for the required certificate and click Generate. Click Next to continue.
(2) A self-signed certificate has been created. Click OK to continue.
(3) Once you have created as many self-signed certificates as you require, click Next to continue.
Note
You can generate as many self-signed certificates as you require.
Self-signed certificates will automatically be inserted into the Personal certificate store of the Local Machine.
(4) If there are no other changes to be made and you are ready to commit the changes, click Next to continue.
(5) The TMG Server configuration will be updated with the supplied settings.
Click OK to continue.
(6) The Winfrasoft Monitoring Agent Service and Network adapter information have now been configured according to your selections. Click Next to continue.
(7) Your Winfrasoft Appliance has now been configured. Click Finish to complete the setup.
Note
Should you wish to change the Winfrasoft Appliance configuration settings, the Appliance Configuration Wizard can be rerun at a later time.
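Step (1) of this section notes that wizard-generated self-signed certificates are placed in the Personal certificate store of the Local Machine and are meant for testing or as placeholders until production certificates arrive. The following PowerShell check is an added example (not part of the Winfrasoft guide or tooling) that inventories that store and flags self-signed or untrusted certificates still present; the 30-day threshold and the variable names are assumptions.

```powershell
# Added example: inventory Cert:\LocalMachine\My and flag self-signed certificates.
# Run from an elevated PowerShell prompt on the appliance.
$warnDays = 30   # assumed "expiring soon" threshold; adjust to local policy

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Subject equal to Issuer is the usual indicator of a self-signed certificate.
    $selfSigned = ($cert.Subject -eq $cert.Issuer)

    # Build the trust chain without revocation lookups so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk     = $chain.Build($cert)
    $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    $dnsName  = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

    New-Object PSObject -Property @{
        DnsName       = $dnsName
        Thumbprint    = $cert.Thumbprint
        SelfSigned    = $selfSigned
        ChainTrusted  = $chainOk
        ChainErrors   = $chainErrors
        DaysLeft      = $daysLeft
        ExpiringSoon  = ($daysLeft -lt $warnDays)
        HasPrivateKey = $cert.HasPrivateKey
    }
}

# Full inventory, soonest expiry first.
$report | Sort-Object DaysLeft |
    Format-Table DnsName, SelfSigned, ChainTrusted, ChainErrors, DaysLeft, ExpiringSoon -AutoSize

# Certificates that should be replaced by production certificates before go-live.
$pending = @($report | Where-Object { $_.SelfSigned -or -not $_.ChainTrusted })
"{0} certificate(s) in LocalMachine\My are self-signed or do not chain to a trusted root." -f $pending.Count
$pending | Format-List DnsName, Thumbprint, ChainErrors, HasPrivateKey
```

A wizard-generated certificate normally appears with SelfSigned set to True and a chain error of UntrustedRoot, which makes leftover test certificates easy to spot once production certificates have been installed.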
TMG 2010 Configuration
Once the Winfrasoft Appliance Configuration Wizard has completed and the desktop has loaded, you need to start the TMG Management Console to configure TMG.
(1) Double click the Forefront TMG Management icon on the desktop to load the TMG Getting Started Wizard.
(2) Click Configure Network Settings.
(3) Click Next to continue.
(4) TMG 2010 can fit many scenarios; however, the “Back firewall” is the most common deployment scenario. The remainder of this guide will assume the “Back firewall” template is used; if not, some options may differ slightly from this guide. Select the appropriate template for your deployment. Click Next to continue.
(5) Select the Internal Connection from the dropdown list for the LAN settings.
Add any additional routes as required. Click Next to continue.
(6) Select the External Connection from the dropdown list for the ISP settings.
If there is a DMZ to configure, specify the IP types used in the Perimeter network. Click Next to continue.
(7) Verify that the Network Configuration settings are correct.
Click Finish to accept and save the changes.
(8) Click Configure system settings.
(9) Click Next to continue.
(10) You can use this screen to change the computer name (if not already done previously) or to join a domain. Winfrasoft recommends joining TMG to the domain to benefit from greater security configuration options. This guide will assume a workgroup configuration for simplicity. Click Next to continue.
(11) Click Finish to continue.
(12) To configure the TMG Server appliance base rules click Define deployment options.
Note
The appliance cannot be joined to an array unless it is joined to an Active Directory Domain.
(13) Click Next to continue.
(14) To enable automatic updates from Microsoft, select Use the Microsoft Update service to check for updates (recommended). To disable automatic updates, select I do not want to use the Microsoft Update service. Click Next to continue.
Note
All Microsoft Update components are pre-installed on the Appliance by default; however, they must be enabled explicitly if required.
(15) Configure the settings as required for the deployment and click Next to continue.
(16) Configure the settings as required for the deployment and click Next to continue.
(17) Configure the settings as required for the deployment and click Next to continue.
(18) Configure the settings as required for the deployment and click Next to continue.
(19) Click Finish to continue.
(20) If you would like to set up a default rule base policy, leave the Run the Web access wizard option ticked. This wizard is not documented in this guide for simplicity as it is specific to the deployment requirements. Click Close to complete the installation.
Your Winfrasoft TMG 2010 Appliance is now fully installed and ready for use.
Factory Reset
A factory reset is a DESTRUCTIVE process and will remove ALL data on the appliance! This should only be performed if upgrading to a new image version or if the appliance is being re-deployed from the ground up.
To perform a factory reset simply boot the appliance using the USB stick / DVD provided. Once Windows has started via the USB stick / DVD the Appliance Boot Manager will load.
If the Appliance was provided with a USB stick then it should contain the activation file for the appliance, which will automatically be verified and installed as part of the factory reset process.
(1) Click the Return to Factory Settings button to start the reset.
(2) If an activation file is found on the USB stick then a notice will be displayed explaining whether the activation file will be installed as part of the factory restore process. Click OK.
(3) If you are sure you want to perform a reset, click Yes to continue.
When the image restore is complete you will be prompted to remove the USB stick / DVD and click OK to restart the appliance. The appliance will boot up and begin the Windows Setup process. This is fully automated and the appliance will reboot a few times. When the process is complete the appliance will switch off.