Forefront TMG Beta Features

URL Filtering

Destination URLs are examined for compliance with corporate policy and for malicious potential of destination Web site. Forefront TMG uses Microsoft Reputation Services for URL filtering, combining multiple sources to increase coverage of URLs and categorization.

URLs and categories will increase as the Forefront TMG Beta 3 continues through Summer 2009.

E-mail security

Forefront TMG provides central management for Exchange and Forefront Security for Exchange when located on the same server. Forefront TMG does not include either Exchange or Forefront Security for Exchange. Both must be purchased and installed separately.

Network Inspection System (NIS)

Traffic can be inspected for exploits of Microsoft vulnerabilities. Based on protocol analysis, NIS enables blocking of classes of attacks while minimizing false positives. Protections can be updated as needed.

Enhanced Voice over IP support

Forefront TMG Beta 2 includes SIP traversal, enabling simpler deployment of Voice over IP within the network.

Windows Server 64-bit support

Forefront TMG Beta 2 is installed on Windows Server 2008 with 64-bit support.

Multi-layer firewall

Forefront TMG provides access control and protection on three layers: packet filtering, stateful inspection, and application layer filtering.

Granular HTTP controls

Forefront TMG delivers customizable, granular controls to HTTP traffic, including:

 - File download controls

 - Signature-based blocking

 - HTTP method controls

Forefront TMG provides strong controls over Web-based threats.

Extensive protocol support

Forefront TMG delivers out-of-the-box support for many protocols. New protocols can be defined.

Highly secure e-mail access from Outlook Client

Remote users can access Exchange Server using the full Outlook MAPI client over the Internet without establishing a VPN connection. The connection is encrypted for security.

Highly secure publishing of Web servers, internal servers, and Terminal Services

Remote users can access internal resources or Web servers more securely. Link translation is provided.

Delegation of basic authentication

Forefront TMG helps protect published Web sites from unauthenticated access by requiring the Forefront TMG firewall to authenticate the user before the connection is forwarded to the published Web site. This prevents exploits from unauthenticated users from reaching the published Web server.

SSL bridging support

To guard against embedded attacks in HTTP traffic, SSL bridging allows SSL protected packets to be decrypted by Forefront TMG, inspected, and re-encrypted.

Site-to-site VPN

Forefront TMG enables quick connectivity between sites via wizard-based approach. Also can be configured for tunnel-mode IPSec for support of third party devices.

Inspection of VPN traffic

VPN traffic terminated on the Forefront TMG server is inspected according to the appropriate security policy.

SecureNAT for VPN clients

Forefront TMG helps ensure remote users connected to the network can gain Internet access while maintaining a strong security policy for the corporate network.

Enterprise policy

Policy can be assigned to gateways, arrays, or enterprise-wide.

Real-time monitoring and reporting

Logs may be viewed real-time or historically – including active sessions.

Report creation and publishing

Reports can be designed for specific needs and then published locally or to a network file share.

Delegated permissions

Admin roles can be delegated to users or groups.

Network load balancing

Forefront TMG leverages network load balancing to provide fail over and scaling of performance.

Caching

Forefront TMG provides caching to improve user experience and reduce bandwidth costs. With the centralized cache rule mechanism of Forefront TMG, you can configure how objects stored in the cache are retrieved and served from the cache.

HTTP compression

You can reduce file size by using algorithms to eliminate redundant data during transmission of HTTP packets.