Microsoft's Forefront TMG 2010 is a secure web gateway designed to protect corporate networks from web-based threats by providing multi-layer security features including URL filtering, malware inspection, and intrusion prevention. It enables centralized management and consistent policy enforcement while improving firewall performance and reducing operational costs. The solution can be deployed as a standalone server or virtualized, supporting a range of configurations to enhance security for corporate web usage.

1. Secure Web Gateway for Corporate Networks
Microsoft® Forefront™ Better Protection Against cloud-based URL filtering technologies
that can be used to monitor or block
Threat Management
Gateway 2010 is a secure
Web-Based Threats employee Web usage.
Web gateway that Forefront TMG 2010 protects employees n The management console, which
enables employees to from Web-based threats by integrating offers both local and remote policy
multiple layers of security into an easy-to- management for servers.
use the Internet safely
manage solution. Deployed on corporate
and productively without n A management server (included with
networks as a unified gateway, Forefront
worrying about malware Forefront TMG Enterprise Edition), which
TMG 2010 inspects Web traffic at the
and other threats. To network, application, and content layers to enables the creation of enterprise-wide
help block the latest help ensure a single, consistent Web policy. policies that can be assigned to an array
Web-based threats, it In addition to comprehensive protection, of servers.
provides multiple layers it also helps improve firewall performance Forefront TMG 2010 can scale performance
of continuously updated by offloading processor-intensive functions when administrators cluster multiple
protections including like inspection for malware. gateways or deploy Forefront TMG 2010
URL filtering, malware The secure Web gateway solution includes at individual sites. It can easily be deployed
inspection, and intrusion four components: in two modes: as a standalone server to
prevention. deliver maximum performance, or as a
n The Forefront TMG 2010 server, virtualized machine that can be combined
which provides multiple inspection with other applications to reduce
http://www.microsoft. technologies, including application- hardware costs.
com/forefront/tmg and network-layer firewall, intrusion
prevention, and malware filtering to
keep users safe from Web-based attacks. Key Benefits and Features
It connects to the Forefront TMG Web Forefront TMG 2010 delivers
Protection Service* for URL filtering and comprehensive protection against Web-
Forefront Threat Management anti-malware updates. based threats, integrated into a unified
Gateway (TMG) 2010 is designed n Forefront TMG Web Protection Service, gateway that reduces the cost and
to increase the security of which delivers anti-malware updates and simplifies the complexity of Web security.
corporate Web usage by: provides a real-time connection to
n Preventing malware outbreaks
caused by inadvertent
employee visits to malicious
sites or by downloads of
infected files.
n Enforcing a consistent Web
Forefront TMG
security policy for application Forefront TMG Web Protection Service
protection, malware
Reputation Providers
inspection, and URL filtering
through integration with
Forefront TMG Web URL filtering in TMG Web Protection Service aggregates data from multiple providers.
Protection Service.
* Forefront TMG Web Protection Service is licensed separately on a subscription basis.

2. Comprehensive protection Delivers core network Integrated security
protection features
Blocks malicious sites more effectively Delivers a single source for
Includes and builds on the proven
Uses aggregated data from multiple Web security
network protection technologies
URL filtering vendors and the antiphishing Combines URL filtering, reputation
of Microsoft Internet Security and
and anti-malware technologies that also services, intrusion prevention, Web proxy,
Acceleration Server 2006, the previous
protect Internet Explorer 8 users. The application- and network-layer firewalls,
version of Forefront TMG 2010. This
highly accurate categorization of Web and anti-malware and HTTP/HTTPS
enables you to deploy a perimeter firewall
sites also blocks sites that may violate inspection on a single server.
and deploy a secure gateway for such
corporate policies.
applications as Microsoft Exchange Server Reduces costs
Prevents exploitation of vulnerabilities and Microsoft SharePoint®. Provides caching to improve the user
Includes integrated intrusion prevention Extends enforcement to encrypted experience and reduce bandwidth costs.
technology that protects against browser- Web traffic The ability to deploy Forefront TMG 2010
based and other vulnerabilities, including as a virtual machine gives you ways to save
Looks inside users’ SSL-encrypted Web
browser plug-in exploits. on hardware expenditures.
traffic—traffic that goes uninspected
Catches Web-based malware through a firewall. Within these encrypted Leverages existing infrastructure
sessions, Forefront TMG 2010 can detect investments
Provides highly accurate malware
possible malware as well as control Simplifies authentication and policy
detection with a scanning engine that
employee access to sites that violate enforcement by integrating with Active
combines generic signatures and heuristic
corporate policy. Directory®. For example, Forefront
technologies to proactively catch variants
without specific signatures. TMG 2010 simplifies HTTPS inspection
by distributing its certificate via Active
Directory. It also leverages the Windows®
Unified Web security interface Update infrastructure to enable quick
distribution of new protections to all
Forefront TMG servers.
Simplified management
Centralizes management in a single,
easy to-use console
Enables administrators to create and
manage all Web security functions
across distributed environments from
a single console.
Delivers comprehensive custom reports
Generates Web security reports quickly
and facilitates easy customization to meet
business-specific reporting needs. It also
integrates with Microsoft SQL Server
Express or SQL Server infrastructure for
creating custom reports.
For more information about
Forefront Threat Management
The Forefront TMG 2010 management console simplifies policy creation. Gateway 2010, visit http://www.
microsoft.com/forefront/tmg.
System Requirements
Forefront TMG 2010 requires a server with a 64-bit processor and, at minimum, the following: 2 processor cores, 2 GB of RAM, 2.5
GB available hard drive space, one compatible Network Interface Card, and a local hard disk partition formatted in NTFS. Supports
Windows Server® 2008 SP2 or Windows Server 2008 R2.
©2010 Microsoft Corporation. All rights reserved. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.