Forefront TMG builds on top of the core capabilities delivered in Microsoft Internet Security and Acceleration (ISA) Server in order to deliver a comprehensive and integrated network security gateway. The main investments made in Forefront TMG provide additional protection capabilities to help secure the corporate network from external, Internet-based threats:

  
 
Get the datasheet Download an Appliance

  • Web anti-malware is part of a Web Protection subscription service for Forefront TMG. Web anti-malware scans Web pages for viruses, malware, and other threats.
     

  • URL filtering allows or denies access to Web sites based on URL categories (such as pornography, drug, hate, or shopping). Organisations can not only prevent employees from visiting sites with known malware, but also protect business productivity by limiting or blocking access to sites that are considered productivity distractions. URL filtering is also part of the Web Protection subscription service.
     

  • E-mail protection subscription service based on technology integrated from Forefront Protection 2010 for Exchange Server. Forefront TMG serves as a relay for SMTP traffic, and scans e-mail for viruses, malware, spam and content (such as executable or encrypted files) as it crosses the network.
     

  • HTTPS inspection enables HTTPS-encrypted sessions to be inspected for malware or exploits. Specific groups of sites, for example, banking sites, can be excluded from inspection for privacy reasons. Users of the Forefront TMG Client can be notified of the inspection.
     

  • Network Inspection System (NIS) enables traffic to be inspected for exploits of Microsoft vulnerabilities. Based on protocol analysis, NIS can block classes of attacks while minimising false positives. Protections can be updated as needed.
     

  • Enhanced Network Address Translation (NAT) enables you to specify individual e-mail servers that can be published on a 1-to-1 NAT basis.
     

  • Enhanced Voice over IP support includes SIP traversal, enabling simpler deployment of Voice over IP within the network.

Forefront TMG 2010 Editions
There are 5 flavours of TMG Appliances offered by Winfrasoft to suit any requirement. For more information on designing your TMG deployment see the TMG Planning and Design website.
 
TMG Edition Workgroup Standard Branch Enterprise (Array) Enterprise (EMS)
Purpose Workgroup Edition is an all in one solution for standalone deployments where scale our redundancy is not a requirement. Standard Edition is an all in one solution that can also be centrally managed. It caters for a larger number of concurrent VPN connections than Workgroup Edition. Branch Edition is designed for deployment in branch offices where scale our redundancy is required. It is ideal when combined with BranchCache. Enterprise Edition as an array member is the ultimate solution for performance, redundancy and scalability with TMG. It is ideal for large head office deployments. Enterprise Edition as an Enterprise Management Server (EMS) provides the backbone for the central management of all your TMG arrays.
Firewall x
Web Proxy x
Max VPN connections 100 1000 100 4000 N/A
Array Size (Managed) 0 1 2 8 N/A
Network Load Balancing Manual Manual Managed up to 2 Managed up to 8 N/A
Enterprise Management Storage x x x x

Winfrasoft does not restrict TMG Editions to specific hardware sizes like other appliance vendors. We believed every customer is unique and thus flexibility is key to a true solution. As such, all five TMG Editions are available on 3500, 6500 and 9500 series hardware or virtual platforms.
Forefront TMG 2010 highlights

Gateway Appliance Hardware Matrix

TMG Gateway Appliance Datasheet

Reduce your web filtering costs with a single box solution.

Connect your branch offices and increase performance by combining TMG Branch Edition with Windows Server 2008 R2 BranchCache.

Run a LAYER 7 firewall without sacrificing security for performance.