Forefront TMG Beta 2 is Released

Hi Everyone:

I wanted to publish a follow-on to Jim's enthusiastic post about our public beta.  We have reached an important and critical milestone in the release of Forefront Threat Management Gateway (TMG), our comprehensive network protection solution. For those of you catching up on the TMG line, Forefront TMG is the future version of the Microsoft Internet Security & Acceleration Server (ISA Server) and will extend the capabilities of ISA Server with new features and security technologies.  Forefront TMG will be available as both a standalone solution but also part of new integrated suites to be released in the future such as the upcoming Forefront “Stirling” security suite

Today, I am announcing that Beta 2 is available for public download and evaluation.  This is a significant change from Beta 1 – the content and feature set is almost too rich too blog in a single posting to be honest.  But I will try…

We really have 6 unique value propositions with this release that really emphasize our comprehensive approach to network protection:

          Control network policy access at the edge (Firewall)

          Protect users from web browsing threats (Web Client Protection)

          Protect users from E-mail threats (Email Protection)

          Protect desktops and servers from intrusion attempts (NIS)

          Enable users to remotely access corporate resources (VPN, Secure Web Publishing)

          Simplified management (Deployment)

From a “what’s new” perspective in Beta 2 from the Beta 1 release, we have really polished and completed a lot of features.  On the firewall side, we have added key components such as VoIP traversal (SIP), enhanced NAT and ISP Link Redundancy.  Combined with our NAP (Network Access Protection) integration with the VPN functionality, the firewall and remote access capabilities are richer than ever.  On the web client protection area, we now have fully functional HTTP Anti-virus/spyware scanning and detection as well as HTTPS forward inspection.  This provides an extremely rich secure web gateway for the clients that protects all web clients regardless of platform when going through the TMG proxy.

Some of the new areas we have added include a secure email relay deployment option providing email protection at the edge through Exchange Server and Forefront Security for Exchange integration to provide a hardened edge based anti-virus and anti-spam solution.  Also we are excited to preview is our new Forefront Network Inspection System (NIS).  Forefront NIS is a unique intrusion detection and response solution that integrates with the Forefront codename Stirling security suite to provide security assessment and responses.

Last, but not least, our deployment and management capabilities have received a complete upgrade.  Everything from a UI and configuration wizards facelift for easier installation and maintenance, but a completely new array management infrastructure to ensure distributed enterprise deployments of multiple TMG installations.


In the end, I will let the beta speak for itself – we would love to hear your feedback on the feature set and quality in your environments and scenarios.  The download is available now and public for everyone to install today – I welcome you to give it a test run! 

Download center link:



David B. Cross

Product Unit Manager


Comments (22)

  1. Anonymous says:

    Well it went live last week friday and it's looking great 😉 There are a tone of new features since

  2. Anonymous says:

    Microsoft vient de mettre à disposition la Beta 3 du successeur d’ISA Server : Forefront

  3. Miroslav,

    HTTP Delete is not assumed to be a synchronous action either.  As noted previously, if your content experiences frequent changes that must be quickly updated, it’s best to disable caching for that content.

    The benefits received from caching are quickly overshadowed by rapid refreshing requirements.

    Jim Harrison

    PM, FF Edge CS

  4. Anonymous says:


    may I ask please about the HTTP DELETE?

    Is it assured the content is deleted immediately after the end of the HTTP DELETE call? Or is it the same situation as the FetchUrl?


    Miroslav Sekera

  5. Anonymous says:

    Hi David,

    congratulations on releasing the Beta 2 of the TMG.

    Could I have a question and a "feature request"?

    I want to use a FetchUrl method for purging objects from the cache.

    According to the ISA 2004/2006 and Forefront TMG domumentations of SDK, the fpcFetchSynchronous flag of the method is obsolete.

    I found that here:

    May I ask why it is obolete?

    I am developing an application where I would need to call the method FetchUrl synchronously, because I need to know that my web app can safely continue, as it will rely on the fact that there is not an old object in the cache.

    I would suggest to fully support this flag again as I think it is very useful.

    For me, it would be even better to have the purge available though the HTTP DELETE request. This functionality would be configurable to be available only from the internal network.

    I found a mention about it in this doc which is about ISA 2000:”> but it does not seem to work.

    For reference, the whole doc can be found here:

    Also in this case, I would need the method to be synchronous.


    Miroslav Sekera


  6. Anonymous says:

    The Forefront TMG Team released to the web the Beta 2 Version of the ISA 2006 EE replacement. Additionally

  7. Anonymous says:

    I see,

    thanks a lot Jim


    Miroslav Sekera

  8. Anonymous says:


    thanks a lot for your info about enabling the HTTP DELETE, I could not find that, it works now.

    May I ask, is there any more documentation about the HTTP DELETE? I spent hours googling and did not find anything more.

    I would need to know:

    – When I send HTTP DELETE, the cached item is deleted which is good, but the HTTP delete is (like other requests) also forwarded to the web server. Is there a way to confugure ISA (TMG) just to delete the cached item and return (and not to also forward the HTTP DELETE to web server)?

    -If I would have multiple TMG servers in array, is it assured that the HTTP DELETE command will automatically be executed on the single array member that is the designated owner of that object according to the CARP algorithm?


    Miroslav Sekera


  9. Anonymous says:

    sorry for posting it twice, it was a mistake

    Miroslav Sekera

  10. Anonymous says:

    And what about the HTTP DELETE?

    Is it assured the content is deleted immediately after the end of the HTTP DELETE call? Or is it the same situation as the FetchUrl?


    Miroslav Sekera

  11. TMG is a proxy and assumes that any HTTP method you send to a remote host is intended for that remote host.  There are no "proxy-only" methods in the HTTP protocol, so no; you cannot configure ISA or TMG to "absorb" the DELETE method.

    Jim Harrison

    FF Edge CS

  12. The Forefront TMG SDK is on its way and will be available soon…watch this space for an announcement.

  13. The reason for moving to asynchronous only is to avoid the expectation that content is removed immediately from all array members after the script is run.

    The cache content on disk is not an exact copy of the cache in memory; nor is it guraanteed that the cache on one server is a copy of that on another server, although they may share common elements. When content is added or removed, the cache menagement waits until the scheduled cache synchronization period before actually synchronizing the disk content.  


    Jim Harrison

    FF Edge CS

  14. Anonymous says:

    OK thanks, as it is not synchronous I cannot use it.

    (btw. I wouldn’t change it too often, I would just need it synchronous, but as it is not possible I will find another solution)

    Thanks Jim


    Miroslav Sekera

  15. tower defense says:

    Is it assured the content is deleted immediately after the end of the HTTP DELETE call? Or is it the same situation as the FetchUrl?

  16. Anonymous says:


    Thanks Jim.


    Miroslav Sekera


  17. Anonymous says:

    I haven’t found TMG SDK in this release. When it will be available?

  18. Regan says:

    how do we log bugs for this beta?  i cant find it in connect and i didnt see in release notes or on download page

  19. Anonymous says:


    may I ask for an answer about the HTTP DELETE which I posted before?

    Perhaps I am asking on a wrong place… Should I rather ask on the forum? I would put it there, but I just did not want to put the same question to two places…


    Miroslav Sekera

  20. Anonymous says:


    Please, I would still need to answer my question regarding to fpcFetchSynchronous flag:

    May I ask why it is obolete?

    On page: there is:

    "To delete an object from the cache, set FetchUrl to an empty string, and set CacheUrl to the URL of the object to be removed from the cache. When you delete an object using FetchUrl, you can perform the operation synchronously or asynchronously, and the TTL must be set to 0."

    It looks strage to me that there is "you can perform the operation synchronously or asynchronously" when the fpcFetchSynchronous flag is obsolete (I would assume it is not recomended to use the flag). Or, is there another way to call the FetchUrl synchronously?

    I am developing an application where I would need to call the FetchUrl method synchronously, because I need to know that my web app can safely continue, as it will rely on the fact that there is not an old object in the cache.


    Miroslav Sekera


  21. If you’re changing the content that often, it may be better not to have it cached at all.

    We can’t answer for what someone wrote in a course file, but if you would have a read in,, and, you will discover that by default, neither ISA 2006 nor TMG allow either "PUT" or "DELETE" methods in HTTP requests by default.

    You’ll have to set the WebProxy.ApplyPutAnDeleteInForeward (or WebProxy.ApplyPutAnDeleteInReverse for web publishing) property to TRUE before TMG will allow this method at all.

Skip to main content