In Forefront TMG, you can create a Web access policy to control who can access which resources on the Internet, and which protection and other technologies are enabled to help provide a fast and secure browsing experience.
The creation of a Web access policy enables:
Controlling Web access
A Web access policy enables you to control :
- Which Web destinations are allowed or
blocked. You can control access to URL categories, category sets,
and specific Web sites. For example, you can block access to a
specific site for everyone. Alternatively, you may want to allow
managers to access a set of URL categories that you want to deny to
- Which computers or users can access the Web.
For example, you can specify that a set of computers has no access
to the Internet, or you can allow one set of users to access the
Internet but block others.
- Which content types are allowed, based on the
MIME type and file name extension. For example, you can block
access to content containing audio files, such as MP3 and WAV
For information about controlling Web access, see Enabling access to the Internet.
Accelerating access to frequently requested content
A Web access policy also enables you to configure caching of Web content, in order to improve the speed of Web access and improve network performance. For more information, see Caching Web site content.
Inspecting and filtering Web traffic
A Web access policy also enables you to configure various protections from malicious Web content. Forefront TMG includes several protection technologies that can scan Web traffic:
- Malware inspection - When malware
inspection is enabled, downloaded Web pages and files allowed by
access rules are inspected for malware. The Malware Inspection
Filter cleans or blocks harmful HTTP content and files (such as
worms, viruses, and spyware). For more information about protecting
clients from malicious HTTP content, see Configuring protection
from Web-based threats.
- HTTPS inspection - When HTTPS
inspection is enabled, traffic to secure Web sites is scanned for
viruses and other malicious content that could utilize Secure
Sockets Layer (SSL) tunnels in order to infiltrate the organization
undetected. For more information about protecting clients from
malicious HTTPS content, see Configuring HTTPS
- HTTP filtering - You can configure
application-layer HTTP filtering that examines HTTP commands and
data. For example, you can use HTTP filtering to block the use of a
particular peer-to-peer file sharing service. For more information
about using HTTP filtering, see Configuring HTTP
Creating access rules
When you configure a Web access policy, you create a set of access rules that control how client requests for Web resources located in other networks are handled. In the Web Access Policy wizard, you can make global configuration settings that determine how Web traffic is handled.
The tools for creating a Web access policy are located on the Web Access Policy node. There, you can open the Web Access Policy wizard and edit other aspects of the policy.