IT Pro Verdict
It makes sense for existing users of ISA Server to move up to Forefront TMG 2010 as it has a wealth of new security measures. Our main issues are that TMG’s optional messaging security only supports Exchange and the separately licensed web filtering and anti-virus features will push the price up. Even so, the MSA 3200i takes all the hard work out of deploying TMG and will probably work out better value than trying to do it all yourself.
It's taken Microsoft a long time to get serious about its Internet Security and Acceleration (ISA) Server with the last update occurring in 2006 and comprising nothing more than a service pack. Its latest Forefront Threat Management Gateway (TMG) 2010 is its long awaited successor and Celestix' new MSA 3200i appliance delivers it ready to go out of the box.
Supplied to us by Wick Hill, the 3200i is one of a large family of MSA threat management gateways from Celestix and is aimed at businesses with 100 to 500 users. It has TMG Workgroup Edition installed but if you want load balancing, failover and centralised management of multiple appliances then the 3200b model is the one to go for as this has the Branch Edition loaded.
At its foundation TMG provides the same core features as ISA Server so you get an inbound and outbound security gateway, support for IPsec VPNs and forward and reverse web proxy services. A big difference is that TMG is 64-bit only, but it also offers a lot more security features than ISA Server ever did.
It comes as standard with an SPI firewall, HTTP/HTTPS traffic inspection and Microsoft's NIS (network inspection system) which scans traffic looking for Windows exploits. Options include web filtering and virus protection which are both activated with a subscription to Microsoft's Web Protection Service. Email security and anti-spam measures are also now available with the optional Forefront Protection for Exchange which doesn't support any third-party mail servers.
The appliance has Windows Server 2008 Standard 64-bit and TMG preloaded. For the quickest deployment we suggest connecting it to a network with DHCP services. If you want to assign a static IP address immediately you'll have to do this using the jog dial and LCD panel on front of the appliance.
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.