Overview of Microsoft Forefront Threat Management Gateway 2010
Forefront Threat Management Gateway ConsultingForefront Threat Management Gateway (TMG) 2010 is built on the architecture of Internet Security and Acceleration (ISA) Server to provide a full-featured security platform that can be deployed as a web proxy, a remote access gateway, an email relay, or a single-box solution that delivers all these functions. TMG 2010 offers significant enhancements over its predecessor ISA Server 2006 through its ability to work as 64-bit application under Windows 2008 R2, its close integration with Exchange Server 2010 and SharePoint 2010, and its array of security and management features.

Forefront Threat Management Gateway 2010 is no longer available from Microsoft, and the gateway security features provided by the product are typically handled by purpose-built hardware appliances from vendors such as Cisco, Barracuda, Check Point and WatchGuard. (See Cisco ASA firewalls with Firepower Services consulting.) Progent's firewall integration experts can help you manage and troubleshoot your Forefront TMG 2010 environment or assess the business value of migrating to a more modern firewall solution. If you decide that an upgrade makes sense, Progent can help you plan and execute a smooth, cost-effective migration, validate and optimize your firewall configuration, provide custom webinar training to your support staff, and deliver ongoing remote consulting and support services.

Capabilities of Forefront TMG 2010 include a multi-layer firewall, URL filtering with support for Microsoft Reputation Services, signature-based network protocol inspection, certificate-based HTTPS inspection, and extensive VPN support. TMG 2010 includes advanced web security reporting features and streamlines authentication and policy enforcement via integration with Active Directory. Microsoft has discontinued Forefront TMG and offers no equivalent single-product solution that provides universal threat management (UTM) functionality. Many of the capabilities offered by Forefront TMG have been incorporated into current versions of Microsoft server platforms including Windows Server, Exchange, SharePoint and Lync.

Progent's Microsoft-certified firewall consultants can help your organization manage and troubleshoot your Forefront TMG 2010 deployment or help you create an equivalent security solution that utilizes the capabilities built into Microsoft's current generation of server platforms and/or third-party firewalls and load balancers from major vendors including Barracuda and Sophos.

Editions of Forefront Threat Management Gateway 2010
The Standard Edition of TMG 2010 includes all the functionality of its popular predecessor ISA Server 2006 (see Progent's ISA Server 2006 consulting services) and adds web anti-malware, HTTPS inspection, enhanced email security, a new Network Inspection System (NIS) that includes an unlimited subscription to updates from the Microsoft Malware Protection Center (MMPC), plus support for ISP redundancy.

The Enterprise Edition of TMG 2010 includes a Central Management Console for consolidated control of distributed instances or arrays of TMG 2010 SE. This leverages the management capability of the TMG Enterprise Edition by effectively extending it to lower-cost TMG 2010 SE systems installed at branch offices, remote sites, or network boundaries. The Enterprise Edition is also the only version that supports network load balancing for high availability and improved performance, Cache Array Routing Protocol (CARP) for load-balancing HTTP requests across multiple proxy cache servers, and unlimited virtualized CPUs for lower equipment costs and faster recovery.

The Medium Business Edition (MBE) of TMG 2010 is designed for use with Windows Essentials Business Server to act as a secure web gateway. Unlike ISA 2006, TMG MBE does not support arrays for load balancing and failover and does not allow a non-domain joined gateway. TMG MBE also does not offer TMG SE's support for HTTPS inspection, the Network Inspection System for signature-based protocol inspection, and ISP redundancy.

Deployment Options with Forefront Threat Management Gateway 2010
The flexible architecture and rich feature set of Forefront Threat Management Gateway 2010 supports different deployment options to match the security needs of a broad range of organizations. TMG 2010 can be deployed on multiple servers in an array that synchronize with the same configuration storage for high performance and easy management. Basic options include running TMG 2010 as a secure web gateway, a remote access gateway, a secure email relay, or a single-box unified threat management (UTM) solution that serves all these functions. Capabilities of TMG 2010 that support these deployment options include:

Secure Web Gateway

  • Web proxy offering authentication and security
  • Web anti-malware provided with Web Protection subscription service
  • URL filtering integrated with Microsoft Reputation Services
  • HTTP filtering and HTTPS traffic inspection
  • Network Inspection System (NIS) for Internet protocols
  • Trickling of file content during inspection to prevent web timeouts
  • Centralized cache management for
Remote Access Gateway
  • Dial-in VPN
  • Site-to-site VPN
  • VPN traffic inspection and quarantine
  • Secure publishing of web servers, internal servers, and Terminal Services
  • SSL bridging with decryption and recryption
  • Interoperability with Windows Server 2008 R2 BranchCache for localized web caching
Secure Email Relay
  • Protection from spam and malware
  • Email content filtering
  • Support for Exchange Edge Transport Server (EETS) and Forefront Protection 2010 for Exchange Server (FPES)
  • Single-server deployment of TMG, EETS and FPES for easy management and edge protection
  • Native support for Network Load Balancing to improve speed, availability, and manageability
  • Signature-based protection for SMTP, POP3, IMAP and MIME protocols
Unified Threat Management
  • Economical single-box security solution for mid-size businesses
  • Firewall
  • Intrusion Protection System (IPS)
  • VPN
  • Email relay
New and Improved Features of Forefront Threat Management Gateway 2010
TMG 2010 is built on ISA Server 2006's core capabilities and incorporates important new features and improvements. New and enhanced features provided with the latest version of TMG 2010 include:
  • Web anti-malware provided by the Web Protection subscription service scans web pages for viruses, malware, worms, and other threats.
  • URL filtering provided by the Web Protection subscription service controls web site access according to URL categories, allowing you to block sites with dangerous, objectionable, or distracting content.
  • E-mail protection subscription service based on FPES allows TMG 2010 to act as a secure relay for SMTP traffic, scanning for viruses, malware, spam and content (e.g., executable or encrypted files)
  • HTTPS inspection examines HTTPS-encrypted web traffic for malware and exploits or to enforce the corporate policy.
  • Network Inspection System (NIS) protects Microsoft applications from threats embedded in common network protocols including HTTP, DNS, SMB, RPC, and SMTP. TMG 2010 includes an unlimited subscription to the signature library maintained by Microsoft's MMPC team.
  • Enhanced Network Address Translation (NAT) allows you to designate e-mail servers to be published on a 1-to-1 NAT basis to avoid address incompatibility issues.
  • SIP traversal allows easier configuration of Voice over IP services inside the network.
  • Installation on Windows Server 2008 gives Forefront TMG 2010 64-bit support with more memory space and scalability.
  • New User Activity report documents and categorizes web surfing activity for specified users and time periods.
  • BranchCache can reduce bandwidth use and improve web performance when TMG 2010 is the Hosted Cache server at the branch office on a Windows 2008 R2 Server.
  • Secure SharePoint 2010 publishing is now supported on Forefront TMG 2010.
  • SafeSearch, enforceable on specified groups or company wide, can block objectionable search results including text, images/, and videos found by popular search engines.
HTTPS Traffic Inspection
TMG 2010's ability to inspect encrypted HTTPS traffic is a significant enhancement over ISA Server 2006 because HTTPS sessions typically represent 10-15% of total web traffic. With HTTPS inspection, Forefront TMG is able to examine web traffic that has been encrypted within Secure Socket Layer (SSL) tunnels. HTTPS inspection can police inbound and outbound traffic to block viruses and other malware, prevent access to sites with expired certificates, or to thwart attempts to circumvent web access policies by using encrypted tunneling applications over a secure channel.

Microsoft Forefront TMG Network Inspection System Consulting

Forefront TMG provides HTTPS security by standing between the client computer initializing the HTTPS connection and the secure web site. TMG intercepts the client request and creates an SSL tunnel to the target site to validate the site's server certificate. TMG uses the details of the secure site's certificate to create a new SSL certificate and signs it with TMG's HTTPS inspection certificate. TMG then presents the new certificate to the client and uses the certificate to establish a separate rate SSL tunnel. The client will already have the HTTPS inspection certificate in its Trusted Root Certification Authorities certificate store and will trust any certificate signed by this certificate. TMG allows you to exclude designated sites from HTTPS inspection. This is useful, for example, for banking sites or sites that use self-signed certificates. Forefront TMG can also notify users automatically that HTTPS traffic is being inspected.

How Progent Can Help You with Forefront Threat Management Gateway 2010
Progent offers efficient online expertise for all aspects of managing and troubleshooting Forefront Threat Management Gateway 2010 and can help you follow industry best practices with tasks that include:

  • Supporting Forefront TMG on Windows Server 2008
  • Supporting TMG on a Headquarters Domain Controller or Remote Office Domain Controller
  • Configuring networks, routing, roles, and permissions
  • Configuring virtual TMG servers and arrays of TMG servers
  • Configuring client computers and authentication servers
  • Creating and configuring firewall policy, access rules, and VoIP settings
  • Installing BranchCache in TMG
  • Configuring VPN access and enforcing VPN client health
  • Publishing Microsoft applications and server roles including Exchange, SharePoint, OWA, and web servers
  • Enabling malware inspection, exceptions, and definition updates
  • Configuring HTTPS inspection, exclusions, and certificate updates
  • Configuring email protection with spam, virus, and content filtering
  • Administering, monitoring, and backing up TMG
  • Setting up load balancing and establishing redundant ISPs for high availability and performance
  • Creating standard and custom management reports
Progent can also help you plan and build up-to-date security solutions that incorporate the latest platforms and services available from Microsoft and third-party vendors. To help you benefit from the security features included with Microsoft's new-generation servers, Progent offers Windows 2012 R2 support, SharePoint Server consulting, Exchange Server 2016 expertise, Skype for Business support and Microsoft Lync Server 2013 management and troubleshooting.

Progent's certified network security engineers can show you how to design an enterprise-wide security strategy that incorporates disaster recovery planning and periodic network vulnerability scanning. Progent's Microsoft System Center Operations Manager (SCOM) network monitoring experts can assist you to protect your IT environment by proactively detecting and resolving potential network problems before they can disrupt productivity. Progent maintains a team of online Cisco CCIE-certified network engineers who offer cost-effective expertise to troubleshoot challenging problems with your network infrastructure.

Contact Progent for Microsoft Forefront Threat Management Gateway 2010 Solutions
For more information about how Progent can help you with Forefront TMG, call 800-993-9400 or visit Contact Progent.

Progent's Support Services for Microsoft .NET Server Technology
For small companies anywhere in the U.S., Progent's Microsoft-certified experts can provide network assistance and IT consulting support for the whole family of Microsoft .NET Enterprise Servers, Windows Server 2012 R2, Windows 2008 R2 Server, and Windows 2003 Server. Progent's migration, integration, update, and consulting capabilities cover system architecture, configuration, and administration outsourcing for project analysis and documentation, local and off-site IT support and system troubleshooting, Help Desk Outsourcing Support, certified security consulting, IT outsourcing, and ProSight Virtual Hosting services.

In case your company needs fast online help from a Microsoft certified consultant, go to Progent's Urgent Remote Network Support.

Read more details concerning Progent's Consulting and Support Services for Microsoft .NET Server Technology.

© 2002- 2019 Progent Corporation. All rights reserved.

More topics of interest:

An index of content::

64-bit Computing Consultant Consultant for 64-bit Computing
8800-EX Wireless IP Phone Configuration Setup and Support for IP Communications
Alpharetta Systems Consultant Alpharetta, Georgia Tech Outsourcing
BlackBerry Professional Software Security Consulting Company Top Rated BlackBerry BES Server Administration in Montgomery County, Alabama
BlackBerry Software Support Outsourcing Washington District of Columbia BlackBerry Software Solutions Provider
BlackBerry Synchronization Integration Specialists Small Business Network Consultants in Cincinnati, Hamilton County
BlackBerry Synchronization Networking Consultants BlackBerry Consulting Services
BlackBerry Synchronization Networking Consultants RIM BlackBerry Small Office IT Support Burlingame, CA
CCIE Expert Certified Arizona Computer Consultation Arizona - Phoenix, AZ, Tucson, AZ, Mesa, AZ, Glendale, AZ, Scottsdale, AZ Consulting Group
CISM Engineer Freelancing Job Work At Home Job for CISSP Engineer in Fort Worth, TX
CISM Engineer Telecommuting Jobs Westlake Microsoft Remote Consultant Open Positions
CISSP Consulting Subcontractor Jobs Microsoft MCP Remote Engineer Open Positions
CISSP Technology Consulting Services Security Group for Firewall Ontario, San Bernardino County
California Consultant Services for Forefront Threat Management Gateway Ubuntu Linux, Sun Solaris, UNIX Help and Support
Cisco CCIE Security Network Engineer Telecommuter Jobs Remote Cisco CCIP Support Telecommuting Jobs
Cisco Computer Consultancy Firm Network Solutions Albuquerque, NM
Cisco Network Design and Configuration Cisco Small Office IT Consulting Maricopa County Arizona
Cisco Network Security Consultants Local Cisco Security Consultant Kern County California
Cisco Networking Services Cisco Computer Expert in Georgia
Computer Consulting Firm Cisco Design Companies Vermont
Computer Engineer for Forefront TMG in San Francisco Bay Area Cisco and Microsoft Certified Experts Engineer
Computer Engineer for Mandrake Linux, Sun Solaris, UNIX Suse Linux, Sun Solaris, UNIX Support and Setup
Connecticut Maintenance Cisco Connecticut Server Integrators
Consult for Security Evaluation Security Assessment Engineers
Consult for Slackware Linux CentOS Linux Help and Support
Consultant Network Consultant in Birmingham, AL, Montgomery, AL, Mobile, AL, Huntsville, AL
Consultant for Active Directory Windows Active Directory Consultant
Consulting for Debian Linux, Sun Solaris, UNIX Specialists for Suse Linux, Sun Solaris, UNIX
Denver, Colorado IT Specialists Denver On-Call Services
Designers Washington Computer Network Support
Engineers for Citrix XenDesktop Citrix VHD desktops Support Services
Exchange 2010 Server Outsourcing Company Exchange Server 2013 Network Consulting Firms DC
Exchange Server 2013 Computer Consulting Companies Nashville Goodlettsville Information Technology Outsourcing Firm
Forefront Network Inspection System Remote Support San Antonio, Texas Windows 2019 Server Network Consulting Service in Kansas City, MO
Forefront TMG IT Consultants in Minnesota IT Technical Support Company for Colorado Springs
Forefront TMG Technical Support Services in Detroit, MI SQL Server 2016 Computer Outsourcing Consultant in Arlington, Kennedale, Grand Prairie
Forefront Threat Management Gateway 2010 Integration Services Honolulu, HI Network Security Consulting
Fort Wayne, Indiana Setup and Support for Microsoft Forefront TMG Cisco Small Business IT Consultants
Full-Time Jobs Help Desk Support Employment
Help Desk Call Center Support Outsourcing Network Consulting for Network Support Help Desk
Help Desk Computer Network Support Company Repair Installation for Cisco CCIE in Morgan Hill Santa Clara County
IT Outsourcing Firm BlackBerry Support Company
IT Services CISSP Cybersecurity Firm Virginia Beach, Virginia
Installation Cisco Experts Newark Business Computer Server Companies
Integration for Forefront TMG Firewall Portola Valley, CA Design Companies
Internet Security and Acceleration Server 2006 Remote Support Emergency ISA 2006 Firewall Services
Jacksonville, Miami, Saint Petersburg, FL Computer Consulting Firms Phone Support
Jersey City, NJ IT Management Small Business IT Consultants
Local Government Cisco Consultant Microsoft Certified Expert Consulting Services
Los Angeles, CA Network Installations California Software Consulting Services
MCSE Remote Support Career Opportunities Subcontractor Jobs Richmond
Microsoft Azure hybrid cloud integration Professional Enterprise hybrid cloud integration Technology Professional
Microsoft Exchange Server 2013 Contractor Exchange 2003 Server IT Consulting Firm St Louis Missouri
Microsoft Forefront TMG 2010 Consultant Services in Portland Microsoft SQL 2014 Small Office Computer Consultant Culver City
Microsoft Forefront TMG 2010 Support and Setup in Silicon Valley Upgrade Cincinnati Milford
Microsoft Forefront TMG Specialist Arizona Microsoft SharePoint 2010 Specialist Glendale, CA
Microsoft MCDST Consulting Telecommute Job Microsoft Consulting Jobs Available Cotati, Windsor CA
Microsoft MCP Consultant Subcontractor Denver, CO MCSE Remote Consultant Full-Time Jobs
Microsoft MCP Engineer Telecommuting Jobs Network Consultant Positions
Microsoft SQL 2014 Network Specialists Microsoft SQL Server Contractor in Silicon Valley, California
Microsoft SQL Server 2016 Computer Consultancy Group SQL Server 2012 Contractor in San Francisco Airport SFO
Microsoft SQL Server 2017 Server Integrators SQL Server 2014 Software Consulting Services
Microsoft SharePoint 2013 Network Consultant Computer Consulting in New England
Microsoft SharePoint Server 2013 Outsourcing SharePoint Server 2013 Computer Consultant
Microsoft and Cisco Certified Network Security Consultant Baltimore Maryland Tech Support Outsource
Migration Companies for BlackBerry Top Rated Server Consultants
Missouri Tech Consultant Missouri Small Business IT Outsourcing
Network Assessment Network Admin Companies
Network Consulting Ohio Support and Setup in Long Beach
Network Design and Configuration Microsoft Windows Server 2016 Small Business IT Consulting Firm
Network Engineer SharePoint Server Remote Consulting
Network Engineer for ISA 2004 Enterprise Edition Server ISA 2000 Server Online Technical Support
Network Monitoring Remote Consulting Integration Support for MOM 2007
Network Outsource for BlackBerry Professional Software BlackBerry Email Integration Firm Omaha, Douglas County
Network Recovery Windows Server 2016 Network Administration in Oakland California
Network Recovery for Microsoft SQL 2008 SQL Server 2016 Network Consulting in Irvine
Network Security Auditor for CISSP Security Security Organizations
New Hampshire Consulting Services Company Technology Consultant for Manchester New Hampshire
New York City, Buffalo, Rochester, Syracuse, Yonkers, Albany Network Design Consultant New York IT Outsourcing Firm
Online Help Consultant Services Colorado
Online Technical Support Microsoft SharePoint Server 2010 Remote Technical Support in Oakland
Onsite Support Cisco Network Consulting Company in Virginia
Onsite Technical Support for Linux Linux Online Support in Kansas City, KC, Missouri
Professional for Microsoft SQL Server Support and Help
Red Hat Linux, Sun Solaris, UNIX Consulting Services On-site Support for Debian Linux, Solaris, UNIX in Baltimore Downtown
Remote Support for Forefront Network Inspection System Monterey, CA Consulting Firm Ohio - Columbus, OH, Cleveland, OH, Cincinnati, OH, Toledo, OH
Remote Technical Support for Microsoft SharePoint Server 2013 Microsoft SharePoint IT Consulting in Ted Stevens Airport Anchorage ANC
SMS Server 2003 Upgrade Online Support Microsoft SMS Network Consultants
SQL 2012 Computer Support SQL Server 2014 Information Technology Consulting Firm
SQL Server 2012 Computer Installation Microsoft SQL Server Computer Network Specialists
SQL Server 2012 Network Support Service Small Office Computer Consultants for SQL Server 2014
SQL Server 2012 Providers Microsoft SQL 2008 Implementation
SQL Server 2012 Small Office Computer Consultants SQL Server 2012 Support Group in Fayette County Kentucky
San Jose Integration Specialist Northern California San Jose Information Technology Consulting Firms
Saratoga Technology Support Top Ranked Cisco and Microsoft Certified Expert San Jose Security Consulting in California
Security Cybersecurity Tech Services Denver Mile High City Security Consultant
Security Firewall Configuration CISSP Compliance Auditor
Server Integrators for Michigan Michigan Software Consulting
SharePoint 2010 Technical Support Services Microsoft SharePoint Server Support and Setup in Collin County Texas
SharePoint Server 2010 Network Consultant Remote Support Services
Slackware Linux, Solaris, UNIX Technology Consulting Computer Consultant Nashville Tennessee
Small Business Computer Consulting Group for Exchange 2007 Microsoft Exchange 2016 Phone Support Services in MIA
Specialists Cisco Certified Experts Network Consulting Group for Jacksonville, FL
Sun Solaris Online Troubleshooting Linux Support and Help in Texas
Sunnyvale Forefront TMG Firewall Troubleshooting City of Washington Freelance Jobs
Support Team for Nationwide Remote Minnesota Technical Consultant
Support and Setup Consulting for Solaris Austin, Texas
Suse Linux, Solaris, UNIX Outsourcing Fedora Linux, Solaris, UNIX Online Help
Suse Linux, Sun Solaris, UNIX Support and Integration Emergency Online Help Norfolk Virginia Beach
System Recovery for Iowa Des Moines, Polk County, Iowa Internet Networking Consultants
Tennessee Experts Microsoft Expert Memphis Tennessee Help
Threat Management Gateway 2010 Consultant Services Cisco CCIE Security Engineer Jobs Available in Augusta, GA
Threat Management Gateway 2010 Online Consulting Plano Networking Consultants
Threat Management Gateway 2010 Specialist Support Consultant
Threat Management Gateway Engineer Computer Consultant Full-Time Jobs Jefferson County Kentucky
Threat Management Gateway Information Technology Consulting Louisville Outsourcing in Phoenix
Troubleshooting IT Consulting Firms Yonkers, NY
Troubleshooting in Jefferson, OH Anaheim, Orange County Virtual Office Job
Windows 2019 Server Small Business Network Consultant Independent Windows 2019 Server Network Setup
Windows Network Support Technician Windows Server 2012 R2 Networking Firm
Windows Server 2012 R2 Network Consulting Firms Windows Server 2012 R2 Support Firms
prime infrastructure Professionals Cisco IT Consultants for wi-fi controller