When using Forefront Unified Access Gateway (UAG) and supporting non-Web applications over a secure sockets layer (SSL) connection, SSL tunneling causes the application traffic at the client endpoint to be overlaid with SSL encryption and tunneled to the SSL VPN gateway, that is, Forefront UAG. The SSL VPN gateway decrypts the traffic and sends the payload to the application server in the internal network. The Forefront UAG Socket Forwarding component add-on, which is based on Layered Service Provider and Named Service Provider technologies, can be used to support a wider variety of applications, such as supporting applications that jump ports, without the need to make changes to the running operating system. The Forefront UAG SSL Network Tunneling component can be used to provide full VPN access to the corporate network.

The SSL Application Tunneling component tunnels application traffic through SSL using one of the following relay types:

Note that if you are running XCompress on Forefront UAG, you must set the streaming optimization to "Low latency". You can automate the process by copying the file XCompress.js from the following location:

...\Microsoft Forefront Unified Access Gateway\von\conf\samples\CustomHooks

to the following location:

...\Microsoft Forefront Unified Access Gateway\common\bin\CustomHooks

Open the file you copied, and follow the instructions in the file to configure it for your system.

The following topics describe the endpoint components used for SSL connections: