Forefront TMG User Experience: The Navigation Tree

Forefront TMG provides a single-level navigation tree to access the features and options for configuring and monitoring your Forefront TMG servers. When you navigate to a node in the tree, the toolbar, results pane, tasks pane, and right-click menus provide links and shortcuts for the options and settings applicable to the selected node.


If you are familiar with previous versions of Forefront TMG (ISA Server 2004 or ISA Server 2006), you’ll notice that the tree structure has changed and that some nodes have been removed or replaced. The table below will help you understand the updated tree and how it has been rearranged. If you are new to Forefront TMG, the table provides an overview of each node.



Select this node to…


Console root

Use the links on the console start page to open the product help, navigate to the roles configuration start page, and browse to online resources.


Array container

Configure array level settings, such as administrative roles. Use the links in the array start page (Roles Configuration tab) to navigate to the main Forefront TMG tasks.


Dashboard (new)

View up to date, real-time information about Forefront TMG activity and traffic. Clicking a pane in the dashboard navigates to additional information about the data presented in that pane.


Monitoring (modified)

Configure and view real-time monitoring of system alerts, client sessions, connectivity status between Forefront TMG and specific IP addresses or URLS, Forefront TMG services, and configuration replication status.


Firewall Policy

Create rules allowing or denying access to networks, Web sites and servers. Configure VoIP settings to define how SIP traffic is directed.


Web Access Policy (new)

Configure secure Web access and Web protection for your organization. New features available in this node include HTTPS inspection, URL filtering, and malware inspection.


E-Mail Policy (new)

Configure Forefront TMG as a relay between your internal SMTP servers and those outside of your organization, and apply multi-engine antivirus and anti malware scanning to SMTP traffic.


Intrusion Prevention System (new)

Configure the Network Inspection System (NIS) to download signatures and definitions for known vulnerabilities from Microsoft Updates. Also use the options in the Behavioral Intrusion Detection tab to configure flood mitigation, IP options filtering and intrusion detection.


Virtual Private Networks

Configure VPN client access and create VPN site-to-site networks used for VPN connectivity.


Networking (updated)

Configure Forefront TMG networks and network rules, Web chaining and general network settings (i.e., network adapters and routing). Use the options in the ISP Redundancy tab to configure how traffic is distributed between two ISP links.


System (updated)

Configure settings on the local computer, such as domain membership and server certificates, and define Forefront TMG application and Web filter settings.


Logs & Reports (new)

Display data from the log files and generate traffic reports based on that data.


Update Center (new)

View the status of Microsoft updates installed on Forefront TMG and configure how updates are downloaded and installed for each protection mechanism.


Troubleshooting (updated)

Use the troubleshooting tools such as the Best Practices Analyzer (BPA), change tracking, traffic simulator, diagnostic logging, and connectivity testing.

This tab was introduced in ISA Server 2004 SP3 and ISA Server 2006 SP1.


Question: Where is the General node?

Answer: The General node has been removed. All items previously located in the General tab have been redistributed to their logical locations in the navigation tree based on workflow.

Question: Where is the flood mitigation feature?

Answer: Features related to network protection are now located in the Intrusion Prevention System node, on their own tab. This includes flood mitigation, intrusion detection, and IP options filtering.

Question: What is the difference between the Firewall Policy node and the Web Access Policy node?

Answer: The Firewall Policy node provides access to all publishing wizards, system policy rules and access rules configured for Forefront TMG. The Web Access Policy node displays only the access rules and settings applicable to Web access. Regardless of where they are created, in Firewall Policy or Web Access Policy, access rules are displayed in both results panes and can be edited in either location.

Linda Lior, User Experience Researcher

Reviewers: Meir Feinberg and Alon Yardeni

Comments (0)

Skip to main content