What Microsoft TMG services can a FortiGate replace?
Many of you may have Microsoft’s TMG server in place, and since this is End-of-Life, some of you may be wondering if a FortiGate appliance can take on the functions. For the most part, the answer is YES!
Here’s a synopsis:
TMG is often used to Proxy client connections to the internet. A FortiGate appliance can do the same thing, and includes the ability to have Single-Sign-On for the clients. An FSSO agent gets installed on a Windows server that provides the Fortigate with authentication information.
If you have Terminal Services such as Microsoft or Citrix, the user doesn’t have an IP address, so this gets a little more interesting. There is a Terminal Server Agent that assists with identifying the user of the terminal services, and correctly controlling the internet traffic to/from that terminal user.
The Fortigate appliance controls the access to web sites and protects ( based upon your configured rules ) the users by white/black lists, age appropriate content, or other metrics you configure.
TMG was also used for Outlook Web Access and Sharepoint publishing. The FortiGate appliances can indeed provide these services as well. The Fortigate provides the translation of Public IP addresses, and certificate exchanges. The FortiGate then scans for attacks using IPS, scans for viruses, checks pathways, and monitors the protocols to make sure nothing sneaks through. The FortiGate can also block upon failed logins, or other attempted breaches. It can also do some basic load sharing across multiple application servers.
If you also have Lync in use, the FortiGate appliances can have a couple of extra settings enabled to alow the SIP and additional protocols used within Lync for communications. As always, the FortiGate is inspecting for attacks, and viruses.
TMG is also sometimes used to provide VPN services, which of course, FortiGates do very well. TMG sometimes is also used as a firewall, which again is handled by the Fortigates.
FortiGate appliances have the ability to control the applications that users are trying to access. For example, you can create policies which allow or deny access to web applications such as Facebook. The FortGates have granular controls, so that you could allow your users to view Facebook, but denying the ability to post to Facebook.