Forefront TMG – The Successor of ISA
1) Native 64-bit and IPv6 support
Forefront TMG is installed on Windows Server 2008 64-bit edition and is able to function even on Layer 2 of the OSI model, which means it can support the upper-level IPv6. Forefront uses the Network Driver Interface Specification (NDIS) driver in order to reach Level 2.
With ISA Server you had to switch the Firewall off in order to run ISA. With Forefront TMG you can leave your Windows Firewall on. Furthermore, you can have specific rules defined for it. But beware that the Windows Firewall setting, no matter if it’s on or off, should NOT be configured through Group Policy. If you use Group Policy for this configuration, your Forefront server won’t be able to register itself, because it has to disable the Windows Firewall to do this.
2) Better malware detection
Forefront TMG uses Malware Protection Engine and signature updates to scan all web pages, which your users are browsing, for viruses, malware, and worms. There are a few exceptions: Microsoft pages are excluded by default, as are Windows and Windows Updates sites. You can also make custom exclusions for specific sites that you trust, in order to get faster performance.
3) URL filtering
One of the greatest new features of Forefront TMG is the URL filtering functionality. It allows you to block all sites of a specific type, like for example, pornography sites. This block list is regularly updated. By using URL filtering, you can block not only several known sites of this type, but also all of the ones that Microsoft has found out there. You can even modify the response blocking page that end users get when trying to open such a site.
However, both the malware detection and URL filtering features require an additional license to be purchased. More information about that can be found here: http://www.microsoft.com/en-us/server-cloud/forefront/threat-management-gateway-buy.aspx
4) HTTPS filtering
Another great feature of Forefront TMG is its ability to inspect all of your traffic, even if it’s SSL secured. For this to work, Forefront acts as a middleman between the web site and the end user in their secured communication. The setup for this feature requires you to add a specific certificate on your client machines and then you’re good to go. You can also exclude specified sites from being HTTPS inspected, such as financial sites.
5) Better Exchange support
It is now possible to install the Edge Transport Role of your Exchange Server along with the Forefront Protection for Exchange on the Forefront TMG server itself. It is best for consolidating servers and for applying security policies.
The features we’ve talked about in this article can help you feel much more confident in your network’s security. They can also make it easier to manage. Keep an eye on our blog for more articles on the Forefront family products.