Share via


Firewall and Security Overview

Forefront TMG can be deployed as a dedicated firewall that acts as the secure gateway to the Internet for internal clients. Forefront TMG protects all communication between internal computers and the Internet. In a simple firewall scenario, the Forefront TMG computer has two network adapters, one connected to the local network and one connected to the Internet.

You can use Forefront TMG to configure the firewall, configuring policies and creating rules to implement your business guidelines. By setting the security access policies, you prevent unauthorized access and malicious content from entering the network. You can also restrict what traffic is allowed for each user and group, application, destination, content type, and schedule.

Forefront TMG includes the following firewall and security features:

  • Outgoing access policy. You can use Forefront TMG to configure access rules that control how your internal clients access the Internet. Access rules specify which sites and content can be accessed, and which protocols can be used for access.
  • Publishing policy. Forefront TMG can publish internal servers located behind the Forefront TMG computer. Server publishing rules filter all incoming requests to internal servers , such as Simple Mail Transfer Protocol (SMTP) servers, File Transfer Protocol (FTP) servers, Structured Query Language (SQL) servers, and others. A Web publishing rule maps public DNS names and IP addresses to the name or IP address of a Web server located behind the Forefront TMG computer and maps external paths that can be used by users in incoming requests to internal paths of directories on the published Web server. A Web publishing rule also determines how Forefront TMG should handle incoming requests for HTTP objects on the published Web server and how Forefront TMG should respond on behalf of the Web server.
  • Intrusion detection. Integrated intrusion detection mechanisms can alert you when a specific attack is launched against your network. For example, you can configure the Forefront TMG to alert you if a port scanning attempt is detected. For more information, see Intrusions and Alerts.
  • Application filters. Forefront TMG controls application-specific traffic with data-aware filters. Forefront TMG uses the filters to determine if packets should be accepted, rejected, redirected, or modified. For more information, see Application Filters.
  • Authentication. Forefront TMG supports the following built-in Windows authentication methods for Web requests: Integrated authentication, authentication using Secure Sockets Layer (SSL) client certificates, Digest authentication, Advanced Digest authentication, and Basic authentication. Forefront TMG also supports third-party authentication schemes, registered with Web filters. For more information, see About Authentication in Forefront TMG.

 

 

Build date: 7/12/2010