Microsoft Forefront Threat Management Gateway

Microsoft Forefront TMG offers a set of features which include:{{cite web

|url = http://www.microsoft.com/forefront/threat-management-gateway/en/us/features.aspx

|title = Forefront Threat Management Gateway: Features

|publisher = Microsoft corporation

|access-date = 1 March 2010

}}

1. Routing and remote access features: Microsoft Forefront TMG can act as a router, an Internet gateway, a virtual private network (VPN) server, a network address translation (NAT) server and a proxy server.
2. Security features: Microsoft Forefront TMG is a firewall which can inspect network traffic (including web content, secure web content and emails) and filter out malware, attempts to exploit security vulnerabilities and content that does not match a predefined security policy. In technical sense, Microsoft Forefront TMG offers application layer protection, stateful filtering, content filtering and anti-malware protection.
3. Network performance features: Microsoft Forefront TMG can also improve network performance: It can compress web traffic to improve communication speed. It also offers web caching: It can cache frequently-accessed web content so that users can access them faster from the local network cache. Microsoft Forefront TMG 2010 can also cache data received through Background Intelligent Transfer Service, such as updates of software published on Microsoft Update website.

The Microsoft Forefront Threat Management Gateway product line originated with Microsoft Proxy Server. Developed under the code-name "Catapult",{{cite web

|url=https://news.microsoft.com/1996/10/29/microsoft-ships-proxy-server-1-0/

|title=Microsoft Ships Proxy Server 1.0

|work=News Center

|publisher=Microsoft

|date=29 October 1996

|access-date=10 June 2017

|archive-url=https://web.archive.org/web/20121026034220/http://www.microsoft.com/en-us/news/press/1996/oct96/proxypr.aspx

|archive-date=26 October 2012

}} Microsoft Proxy Server v1.0 was first launched in January 1997,{{cite web

|url = http://support.microsoft.com/lifecycle/?p1=2695

|title = Microsoft Support Lifecycle

|access-date = 5 June 2007

}} and was designed to run on Windows NT 4.0. Microsoft Proxy Server v1.0 was a basic product designed to provide Internet Access for clients in a LAN Environment via TCP/IP. Support was also provided for IPX/SPX networks (primarily used in legacy Novell NetWare environments), through a WinSock translation/tunnelling client which allowed TCP/IP applications, such as web browsers, to operate transparently without any TCP/IP on the wire. Although well-integrated into Windows NT4,{{cite web

|url = http://www.windowsecurity.com/articles/Microsoft_ISA_Server_Part_I__introduction_installation_configuration_Web_caching_and_Internet_access.html

|title = Microsoft ISA Server

|date = 30 July 2002

|access-date = 5 June 2007

}} Microsoft Proxy Server v1.0 only had basic functionality, and came in only one edition. Extended support for Microsoft Proxy Server v1.0 ended on 31 March 2002.

Microsoft Proxy Server v2.0 was launched in December 1997,{{cite web

|url = http://support.microsoft.com/lifecycle/?p1=2696

|title = Microsoft Support Lifecycle: Proxy Server 2.0 Standard Edition

|access-date = 5 June 2007

}} and included better NT Account Integration, improved packet filtering support, and support for a wider range of network protocols. Microsoft Proxy Server v2.0 exited the extended support phase and reached end of life on 31 December 2004.

On 18 March 2001, Microsoft launched Microsoft Internet Security and Acceleration Server 2000 (ISA Server 2000).{{cite web

|url = http://support.microsoft.com/lifecycle/?p1=2107

|title = Microsoft Support Lifecycle ISA 2000

|access-date = 9 March 2009

}} ISA Server 2000 introduced the Standard and Enterprise editions, with Enterprise-grade functionality such as High-Availability Clustering not included in the Standard Edition. ISA Server 2000 required Windows 2000 (any edition), and will also run on Windows Server 2003. In accordance with Microsoft's Support Lifecycle Policy, ISA Server 2000 was the first ISA Server product to use the 10-year support lifecycle with 5 years of Mainstream support and five years of Extended support. ISA Server 2000 reached End of Life on 12 April 2011.

Microsoft Internet Security and Acceleration Server 2004 (ISA Server 2004) was released on 8 September 2004.{{cite web

|url=http://support.microsoft.com/lifecycle/?p1=2108

|title = Microsoft Support Lifecycle ISA 2004

|access-date = 9 March 2009

}} ISA Server 2004 introduced multi-networking support{{Clarify|date=March 2010}}, integrated virtual private networking configuration, extensible user and authentication models, application layer firewall support, Active Directory integration, SecureNAT{{Clarify|date=March 2010}}, and improved reporting and management features. The rules based configuration was also considerably simplified over ISA Server 2000 version.

ISA Server 2004 Enterprise Edition included array support, integrated Network Load Balancing (NLB), and Cache Array Routing Protocol (CARP). One of the core capabilities of ISA Server 2004, dubbed Secure Server Publishing, was its ability to securely expose their internal servers to Internet. For example, some organizations use ISA Server 2004 to publish their Microsoft Exchange Server services such as Outlook Web Access (OWA), Outlook Mobile Access (OMA) or ActiveSync. Using the Forms-based Authentication (FBA) authentication type, ISA Server can be used to pre-authenticate web clients so that traffic from unauthenticated clients to published servers is not allowed.

ISA Server 2004 is available in two editions, Standard and Enterprise. Enterprise Edition contains features enabling policies to be configured on an array level, rather than on individual ISA Servers, and load-balancing across multiple ISA Servers. Each edition of ISA Server is licensed per processor. (The version included in Windows Small Business Server 2000/2003 Premium includes licensing for 2 processors.)

ISA Server 2004 runs on Windows Server 2003 Standard or Enterprise Edition. Appliance hardware containing Windows Server 2003 Appliance Edition and ISA Server Standard Edition is available from a variety of Microsoft Partners.{{cite web

|url = http://www.microsoft.com/isaserver/hardware/default.mspx

|title = Deploy ISA Server and IAG in Minutes with Hardware Solutions

|website = Microsoft

|access-date = 5 June 2007

}}

Microsoft Internet Security and Acceleration Server 2006 (ISA Server 2006) was released on 17 October 2006.{{cite web

|url = http://support.microsoft.com/lifecycle/?p1=11928

|title = Microsoft Support Lifecycle ISA 2006

|access-date = 9 March 2009

}} It is an updated version of ISA Server 2004, and retains all features from ISA Server 2004 except Message Screener.

ISA Server 2006 introduced new features including:

• Support for Exchange Server 2007 (referred to as "Exchange 12" in the Microsoft ISA Server 2006 Evaluation Guide){{rp|page=73}}
• New configuration wizards for various tasks such as setting up a "site-to-site VPN connection", publishing SharePoint services, publishing websites, creating firewall rules.{{rp|pages=75,80}}
• Introduction of single sign-on for groups of published web sites.{{rp|page=82}}
• Improvements to user authentication including the addition of LDAP Authentication support{{rp|page=82}}
• Resistance to flood attacks, to protect the ISA server from being "unavailable, compromised, or unmanageable during a flooding attack."{{rp|pages=55, 62–64, 81}}
• Performance features such as BITS Caching, Web Publishing Load Balancing and HTTP compression.{{rp|page=84}}

ISA Server Appliance Edition

Microsoft also offered ISA Server 2006 Appliance Edition. It was designed to be pre-installed onto OEM hardware (server appliances) that are sold by hardware manufacturers as a stand-alone firewall type device.{{cite web|url=http://www.microsoft.com/Forefront/edgesecurity/isaserver/en/us/hardware-partners.aspx|title=Internet Security and Acceleration Server: hardware partners|website=Microsoft|archive-url=https://web.archive.org/web/20090130062737/http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/hardware-partners.aspx|archive-date=30 January 2009|url-status=dead|access-date=21 January 2009}} Along with Appliance Edition, ISA server 2006 Standard Edition and Enterprise Edition were available in preconfigured hardware.{{Cite web|url=http://download.microsoft.com/download/1/C/6/1C6A42B2-79E6-4201-A8B2-73DC0DB8DD47/Evaluation_Guide.doc|title=Microsoft ISA Server 2006 Evaluation Guide|date=July 2006|publisher=Microsoft|format=DOC|archive-url=https://web.archive.org/web/20060902015521/http://download.microsoft.com/download/1/C/6/1C6A42B2-79E6-4201-A8B2-73DC0DB8DD47/Evaluation_Guide.doc|archive-date=2 September 2006|url-status=dead|access-date=2018-08-31}}{{rp|page=76}}

Microsoft Forefront Threat Management Gateway Medium Business Edition (Forefront TMG MBE) is the next version of ISA Server which is also included with Windows Essential Business Server. This version only runs on the 64-bit edition of Windows Server 2008 and does not support Enterprise edition features such as array support or Enterprise policy. Mainstream support for Forefront TMG MBE ended on 12 November 2013.{{Cite web|url=http://support.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=forefront&Filter=FilterNO|title = Search Product and Services Lifecycle Information - Microsoft Lifecycle}}

Microsoft Forefront Threat Management Gateway 2010 (Forefront TMG 2010) was released on 17 November 2009.{{Cite web

|url = http://blogs.technet.com/isablog/archive/2009/11/17/forefront-threat-management-gateway-2010-release.aspx

|title = Forefront Threat Management Gateway 2010 Release

|work = Forefront TMG (ISA Server) team blog

|publisher = Microsoft corporation

|date = 17 November 2009

|access-date = 26 March 2010

|quote = It is our pleasure to announce that Forefront Threat Management Gateway (TMG) 2010 was released to manufacturing yesterday (Nov 16th, 2009) [~snip~]

}} It is built on the foundation of ISA Server 2006 and provides enhanced web protection, native 64-bit support, support for Windows Server 2008 and Windows Server 2008 R2, malware protection and BITS caching. Service Pack 1 for this product was released on 23 June 2010.{{cite web

|title = Download details: Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

|url = http://www.microsoft.com/downloads/details.aspx?FamilyID=f0fd5770-7360-4916-a5be-a88a0fd76c7c&displaylang=en

|date = 23 June 2010

|access-date = 15 July 2010

|work = Microsoft Download Center

|publisher = Microsoft corporation

}} It includes several new features to support Windows Server 2008 R2 and SharePoint 2010 lines of products.{{cite web

|url = https://technet.microsoft.com/en-us/library/ff686709.aspx

|title = What's new in Forefront TMG 2010 SP1

|work = Microsoft TechNet

|publisher = Microsoft Corporation

|date = 15 June 2010

|access-date = 15 July 2010

}} Service Pack 2 for this product was released on 10 October 2011.{{cite web

|title = Download details: Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

|url = http://www.microsoft.com/download/en/details.aspx?id=27603

|date = 10 October 2011

|access-date = 17 November 2011

|work = Microsoft Download Center

|publisher = Microsoft corporation

}} On 9 September 2012 Microsoft announced no further development will take place on Forefront Threat Management Gateway 2010 and the product will no longer be available for purchase as of 1 December 2012. Mainstream support ceased on 14 April 2015 and extended support has ended on 14 April 2020.{{cite web

|title = Important Changes to Forefront Product Roadmaps

|url = http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx

|date = 12 September 2012

|access-date = 22 September 2012

|work = Microsoft TechNet

|publisher = Microsoft Corporation

|url-status = dead

|archive-url = https://web.archive.org/web/20121010140607/http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx

|archive-date = 10 October 2012}}

• Microsoft Servers
• Microsoft Forefront
• Microsoft Forefront Unified Access Gateway

{{Reflist}}

• {{Official website|http://www.microsoft.com/tmg}}
• [https://technet.microsoft.com/en-us/library/ff355324.aspx TMG TechCenter]
• [http://blogs.technet.com/isablog/ Forefront TMG (ISA Server) Product Team Blog]
• [http://tmgblog.richardhicks.com/ Richard Hicks' Forefront TMG Blog]

{{Microsoft Security Products}}

{{Firewall software}}

Forefront Threat Management Gateway

Category:Firewall software

Category:Computer security software

Category:Proxy servers

Category:1997 software

Category:Content-control software