Introduction to configuring web access

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

In Forefront TMG, you can create a web access policy to control who can access which resources on the Internet, and which protection and other technologies are enabled to help provide a fast and secure browsing experience.

Controlling web access

A web access policy enables you to control:

  • Which web destinations are allowed or blocked. You can control access to URL categories, category sets, and specific web sites. For example, you can block access to a specific site for everyone. Alternatively, you may want to allow managers to access a set of URL categories that you want to deny to other employees.

  • Which computers or users can access the web. For example, you can specify that a set of computers has no access to the Internet, or you can allow one set of users to access the Internet but block others.

  • Which content types are allowed, based on the MIME type and file name extension. For example, you can block access to content containing audio files, such as MP3 and WAV files.

For information about controlling web access, see Enabling access to the Internet.

Accelerating access to frequently requested content

A web access policy also enables you to configure caching of web content, which speeds up web access and improves network performance. For more information, see Caching website content.

Inspecting and filtering web traffic

A web access policy also enables you to configure various protections from malicious web content. Forefront TMG includes several protection technologies that can scan web traffic:

  • Malware inspection - When malware inspection is enabled, downloaded web pages and files allowed by access rules are inspected for malware. The Malware Inspection Filter cleans or blocks harmful HTTP content and files (such as worms, viruses, and spyware). For more information about protecting clients from malicious HTTP content, see Configuring protection from web-based threats.

  • HTTPS inspection - When HTTPS inspection is enabled, traffic to secure web sites is scanned for viruses and other malicious content that could otherwise use Secure Sockets Layer (SSL) tunnels to infiltrate the organization undetected. For more information about protecting clients from malicious HTTPS content, see Configuring HTTPS inspection.

  • HTTP filtering - You can configure application-layer HTTP filtering that examines HTTP commands and data. For example, you can use HTTP filtering to block the use of a particular peer-to-peer file sharing service. For more information about using HTTP filtering, see Configuring HTTP filtering.

Creating access rules

When you configure a web access policy, you create a set of access rules that control how client requests for web resources located in other networks are handled. In the Web Access Policy wizard, you can make global configuration settings that determine how web traffic is handled.

The tools for creating a web access policy are located on the Web Access Policy node. There, you can open the Web Access Policy wizard and edit other aspects of the policy.
