Enabling and configuring NIS

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes how to enable and configure the Network Inspection System (NIS) in Forefront TMG secure Web gateway.

The following procedures describe:

  • Enabling NIS

  • Configuring NIS response to protocol anomalies

    Note

    Protocol anomalies refer to anomalies in network traffic, where the traffic does not comply with protocol standards such as RFCs and common implementations.

  • Exempting network entities from NIS scans

    Tip

    A typical entity that you might want to exclude is a detection IP address, which is an isolated, unprotected IP address used by a firewall administrator to learn about network attacks.

  • Next steps

Enabling NIS

  1. In the Forefront TMG Management console, in the tree, click the server name node.

  2. On the Tasks tab, click Launch Getting Started Wizard, and then click Define deployment options.

  3. On the Microsoft Update Setup page, select an update method and click Next.

  4. On the Forefront TMG Protection Features Settings page, verify that the license for NIS is set to Activate complementary license and enable NIS.

  5. On the NIS Signature Update Configuration page, note the following:

    1. If you want to automatically install new signature sets, ensure that Check for and install updates (recommended) is selected.

    2. Under Automatic polling frequency, select the polling frequency appropriate for your organization. The default frequency is Every 15 minutes. Note that this setting applies to NIS only; the polling frequency settings for other updatable protections are located in the Update Center.

    3. The Effective response policy for new signatures setting applies to newly downloaded and installed signatures only. The setting is applied to each set of signatures that is downloaded. Any signature that is not set to the Microsoft default response is flagged as requiring attention on the Network Inspection System tab, which is located on the Intrusion Prevention System details pane.

Configuring NIS response to protocol anomalies

  1. In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.

  2. On the Tasks tab, click Define Exceptions.

  3. On the Protocol Anomalies Policy tab, configure the NIS response to protocol anomalies.

  4. When finished, on the Apply Changes bar, click Apply.

Exempting network entities from NIS scans

  1. In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.

  2. Click the Network Inspection System (NIS) tab, and on the Tasks tab, click Define Exceptions.

  3. On the Exceptions tab, click Add, and then select the network entities you want to exclude from inspection.

  4. When finished, on the Apply Changes bar, click Apply.

Next steps

Before you can use Forefront TMG to block attacks on known vulnerabilities, make sure that Forefront TMG is updated with the latest NIS signature set. For information, see Configuring and verifying NIS signature set downloads.

Concepts

Configuring NIS in Forefront TMG secure Web gateway