Firewall and Security Overview

Forefront TMG can be deployed as a dedicated firewall that acts as the secure gateway to the Internet for internal clients. Forefront TMG protects all communication between internal computers and the Internet. In a simple firewall scenario, the Forefront TMG computer has two network adapters, one connected to the local network and one connected to the Internet.

You can use Forefront TMG to configure the firewall by configuring policies and creating rules that implement your business guidelines. By setting the security access policies, you prevent unauthorized access and malicious content from entering the network. You can also restrict what traffic is allowed for each user and group, application, destination, content type, and schedule.

Forefront TMG includes the following firewall and security features:
- Outgoing access policy. You can use Forefront TMG to configure access rules that control how your internal clients access the Internet. Access rules specify which sites and content can be accessed, and which protocols can be used for access.
- Publishing policy. Forefront TMG can publish internal servers located behind the Forefront TMG computer. Server publishing rules filter all incoming requests to internal servers, such as Simple Mail Transfer Protocol (SMTP) servers, File Transfer Protocol (FTP) servers, Structured Query Language (SQL) servers, and others. A Web publishing rule maps public DNS names and IP addresses to the name or IP address of a Web server located behind the Forefront TMG computer, and maps the external paths that users can specify in incoming requests to internal paths of directories on the published Web server. A Web publishing rule also determines how Forefront TMG should handle incoming requests for HTTP objects on the published Web server and how Forefront TMG should respond on behalf of the Web server.
- Intrusion detection. Integrated intrusion detection mechanisms can alert you when a specific attack is launched against your network. For example, you can configure Forefront TMG to alert you if a port scanning attempt is detected. For more information, see Intrusions and Alerts.
- Application filters. Forefront TMG controls application-specific traffic with data-aware filters. Forefront TMG uses the filters to determine if packets should be accepted, rejected, redirected, or modified. For more information, see Application Filters.
- Authentication. Forefront TMG supports the following built-in Windows authentication methods for Web requests: Integrated authentication, authentication using Secure Sockets Layer (SSL) client certificates, Digest authentication, Advanced Digest authentication, and Basic authentication. Forefront TMG also supports third-party authentication schemes, registered with Web filters. For more information, see About Authentication in Forefront TMG.
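
The name and path mapping described under "Publishing policy" can be pictured with the following Python model, which is an added illustration and not Forefront TMG code or its object model. The class and field names, the longest-prefix matching, the `http://` scheme and the sample names and addresses are assumptions made for the example.

```python
from dataclasses import dataclass, field
from posixpath import normpath
from typing import Optional
from urllib.parse import unquote


@dataclass
class WebPublishingRule:
    """Hypothetical model of one Web publishing rule."""
    public_names: set        # public DNS names or IP addresses the rule answers for
    internal_server: str     # name or IP address of the published Web server
    path_mappings: dict = field(default_factory=dict)  # external path -> internal path

    def resolve(self, host: str, path: str) -> Optional[str]:
        """Return the internal URL for a request, or None if the rule does not apply."""
        # DNS names are case-insensitive and may carry a trailing dot.
        name = host.lower().rstrip(".")
        if name not in {n.lower() for n in self.public_names}:
            return None
        # Decode once and normalize before matching, so a request such as
        # "/mail/../admin" is judged by the path it really addresses.
        clean = "/" + normpath("/" + unquote(path)).lstrip("/")
        # Longest external path wins; match on whole segments only,
        # so "/mail" does not also publish "/mailbox".
        for ext in sorted(self.path_mappings, key=len, reverse=True):
            base = ext.rstrip("/")
            if clean == base or clean.startswith(base + "/"):
                rest = clean[len(base):] or "/"
                internal = self.path_mappings[ext].rstrip("/")
                return f"http://{self.internal_server}{internal}{rest}"
        return None  # path is not published by this rule


# Constructed sample rule: one public name, two published paths.
RULE = WebPublishingRule(
    public_names={"mail.example.com"},
    internal_server="10.0.0.5",
    path_mappings={"/mail": "/exchange", "/mail/public": "/pub"},
)

if __name__ == "__main__":
    for req in ("/mail/inbox", "/mail/public/doc.htm", "/mail/%2e%2e/admin", "/mailbox"):
        print(req, "->", RULE.resolve("MAIL.example.com", req))
```

Requests whose host or normalized path falls outside the rule return `None`, which is the case a publishing design should treat as "not published" rather than forwarding by default.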
Build date: 11/30/2009
© 2008 Microsoft Corporation. All rights reserved.