Forefront TMG provides Web access control and protection for internal users accessing the Internet, by providing authentication, packet filtering, stateful inspection, and application layer filtering.
This topic is designed to help you plan for access from your organization’s internal network to the Internet. It provides information on the following:
- Authenticating internal
- Controlling Web access
- Inspecting and filtering
- Accelerating Web access
Authenticating internal users
Forefront TMG can require internal users to authenticate before they are allowed to access the Internet. For information, see Planning for Web access authentication.
Controlling Web access
Access to the Web through Forefront TMG is controlled by a Web access policy. A Web access policy determines who can access which resources on the Internet, and which protection and other technologies are enabled to help provide a fast and secure browsing experience.
To control Web access, a Web access policy enables you to define:
- Web destinations to which access is allowed
or blocked. You can control access to URL categories, category
sets, and specific Web sites. For example, you can block access to
a specific site for everyone. Alternatively, you may want to allow
managers to access a set of URL categories and deny access to other
- Which computers or users can access the Web.
For example, you can specify that a set of computers has no access
to the Internet, or you can allow one set of users to access the
Internet, and block others.
- Which content types are allowed, based on the
MIME type and file name extension. For example, you can block
access to content containing audio files, such as MP3 and WAV
For information about Forefront TMG policies, see Planning to control network access.
Inspecting and filtering Web traffic
A Web access policy also enables you to configure various protections from malicious Web content. Forefront TMG uses several protection technologies to scan Web traffic, to help protect your network from malicious Web content:
- Malware inspection—Inspects downloaded Web
pages and files for malware. For information, see Planning to protect
against malicious Web content.
- URL filtering—Allows or blocks access to Web
sites based on their categorization in the URL filtering database.
For information, see Planning for URL
- HTTP filtering—Application-layer HTTP
filtering that examines HTTP commands and data. For information,
see Planning for
- HTTPS inspection—Scans traffic to secure Web
sites for viruses and other malicious content that could utilize
Secure Sockets Layer (SSL) tunnels, in order to infiltrate the
organization undetected. For information, see Planning for HTTPS
Accelerating Web access
You can use Forefront TMG to cache frequently requested Web content to improve Web access speed and network performance. For information, see Planning to cache Web content.