When you apply changes to the firewall policy or to network rules, Forefront TMG ensures that all existing client connections comply with the new policy or rules, and terminates connections that are not allowed.

In the Forefront TMG Management console, configuration changes are only applied when you click the Apply button on the Apply Changes bar; the Apply Changes bar appears automatically, whenever you make configuration changes.

Policy enforcement takes place when a connection is established, and when the following rule elements change:

If you modify rule elements that are not going to be reevaluated, such as User Sets or Content Types that were not originally used for evaluation, and you want to ensure that no existing connections violate the new policy, then you should end client sessions manually in the Forefront TMG Management console (as described in Monitoring client sessions), or restart the firewall service.

Note the following:

Related Topics