Forefront TMG Web publishing makes Web content securely available to groups of users or to all users who send requests to your organization from the Internet. The Web content requested is typically stored on Web servers in the Internal network or in a perimeter network (also known as a screened subnet or a demilitarized zone (DMZ)).
With Web publishing rules, you can allow or deny requests based on defined access policies. You can restrict access to specified users, computers, or networks, require user authentication, and inspect the traffic. Content caching enables Forefront TMG to cache Web content and to respond to user requests from the cache without forwarding the requests downstream to the published Web server. Web publishing rules have many features, including the following:
- Mapping requests to specific internal paths to limit the portions of your Web servers that can be accessed.
- Delegation of user credentials for authenticating Forefront TMG to the Web server after authentication by Forefront TMG, without requiring users to supply their credentials for a second time.
- Link translation for replacing internal host names and paths in Web content with public names and external paths.
- Secure Sockets Layer (SSL) bridging, which enables Forefront TMG to inspect incoming HTTPS requests and then forward them to the Web server over an encrypted SSL channel.
- Load balancing of client requests among the Web servers in a server farm, with maintenance of client affinity for increased availability and improved performance.
For more background information about the settings in Web publishing rules, see Planning for publishing.