The Forefront Unified Access Gateway (UAG) SSL Application Tunneling component provides SSL connectivity for non-Web protocols, such as those used by client/server and legacy applications, from the Internet to the internal network, thus enabling Forefront UAG users to safely access back-end applications.

Using the Forefront UAG portal homepage, remote users can access a range of applications, such as native messaging applications, standard e-mail applications, collaboration tools, connectivity products, and more. The SSL Application Tunneling component allows precise, per-user and per-server configurations, and can be used in conjunction with Forefront UAG endpoint policies, providing for an SSL VPN experience. Multi-platform application support ensures that users can access their applications from computers running Windows, Macintosh OS X, and Linux operating systems, by using a wide range of browsers.

For end users to run SSL Application Tunneling applications, the Forefront UAG site must be trusted by the client endpoint. When a user launches an SSL Application Tunneling application, the SSL Application Tunneling component verifies the identity of the Forefront UAG site against the site's server certificate, and checks whether the site is on the user's Trusted Sites list; only if the site is trusted will the application launch.

Note that when working with SSL Application Tunneling applications via an HTTP trunk, tunneled traffic is not encrypted.