Migrating Microsoft Forefront TMG to redundant Cisco ASA 5515-X firewalls

OData support
Oláh István
Department of Automation and Applied Informatics

In today's computer networks the appropriate security policies, application and fault-tolerant operation are very important and also to protect sensitive data. Microsoft Forefront family provides comprehensive security solutions in all aspects of the system. With the help of Threat Management Gateway you can protect the network and ensure the fault-tolerant operation. However, the manufacturer terminated the product sales in 2012 and soon will also end the support of the product.

In my thesis I show an alternative to the substitution of the TMG. With next generation Cisco ASA products most services of the TMG can be replaced, moreover we can create a faster, more advanced and secure system.

In the first half of my work I present important services of TMG and ASA, and give an overview of evolution and operation of firewalls. In the second half I present the configuration of the Cisco firewalls in a test environment from the connection of firewalls through the creation of security policy to setup AnyConnect client VPN.

Finally in the last chapter I introduce an implementation plan, what covers the main steps of the migration in a real environment. After the plan I summarize the experience, what I got from the configuration of the test environment.

My thesis contains useful information for network professionals or system administrators, who want to replace Microsoft Forefront TMG with Cisco products. The process of migration and the configurations are clear with the help of my planned test environment.


Please sign in to download the files of this thesis.