The following summarizes the system hardware requirements, and software and deployment requirements for installing Forefront Unified Access Gateway (UAG).

If you are reading this help from the Forefront UAG Management console, the latest version of this topic is available in the Forefront UAG TechNet library.

Hardware requirements


2.66 gigahertz (GHz) or faster processor. Dual core CPU


4 GB

Hard drive

2.5 gigabyte (GB) (in addition to Windows requirements)

Network adapters

Two network adapters that are compatible with the computer operating system. These network adapters are used for communication with the internal corporate network, and the external network (Internet). Note that deploying Forefront UAG with a single network adapter is not supported.

Software requirements

Operating system

Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems.

Windows roles and features

The following roles and features are installed by Forefront UAG, and are required for Forefront UAG to function properly.

  1. Network Policy Server

  2. Routing and Remote Access Services

  3. Active Directory Lightweight Directory Services Tools

  4. Message Queuing Services

  5. Web Server (IIS) Tools

  6. Network Load Balancing Tools

  7. Windows PowerShell

Roles and features installed during Forefront UAG setup are not uninstalled automatically if you uninstall Forefront UAG. They must be removed manually after uninstalling Forefront UAG.

Other software

Forefront UAG automatically installs and uses the following applications:

  1. Microsoft .NET Framework 3.5 SP1

  2. Windows Web Services API

  3. Windows Update

  4. Microsoft Windows Installer 4.5

  5. SQL Server Express 2005

  6. Forefront TMG is installed as a firewall during Forefront UAG setup. Following setup, Forefront TMG is configured to protect the Forefront UAG server. For information about running Forefront TMG with Forefront UAG, see Supported Forefront TMG configurations.

  7. The Windows Server 2008 R2 DirectAccess component is automatically installed. For more information, see the Forefront UAG DirectAccess technical overview.

Software deployment requirements

Remote installation

Remote installation of Forefront UAG from a network location is not supported. You can run setup from a local folder accessed over a Remote Desktop Connection using IPv4. An IPv6 connection is not supported.

Array deployment

If you want to deploy an array of multiple Forefront UAG servers, each server that will join the array must be installed as a domain member before beginning Forefront UAG installation. For more information about array deployment requirements, see Multiple server infrastructure design.

Co-located applications

The computer on which you are installing Forefront UAG should have a clean Windows Server 2008 R2 installation, with no other applications installed on it. For considerations on running antivirus products on Forefront UAG, see Considerations when using antivirus software on Forefront Edge products (

Installation permissions

When installing Forefront UAG, you must have administrator permissions on the local server. You must also be a domain user in the domain to which the Forefront UAG server belongs.

Domain and workgroup considerations

If the Forefront UAG server is a member of a workgroup, ensure that a DNS suffix is defined for the workgroup.

Some deployment scenarios require Forefront UAG to be installed as a domain member. For more information, see Joining the Forefront UAG server to a domain or a workgroup.

Virtual requirements

Forefront UAG is supported on Hyper-V running on computers with Windows Server 2008 with SP2, or Windows Server 2008 R2. Both host and guest operating systems must be 64-bit.

For more information on virtual support, see Security considerations with Forefront Edge virtual deployments (