Today, as a result of our effort to better align security and protection solutions with the workloads and applications they protect, Microsoft is announcing changes to the roadmaps of some of the security solutions made available under the Forefront brand.
- As part of this effort, the next release of Forefront Online Protection for Exchange, which has long been part of the Office 365 solution, will be named Exchange Online Protection.
- In response to customer demand, we are adding basic antimalware protection to Exchange Server 2013. This protection can be easily turned off, replaced, or paired with other services (like Exchange Online Protection) to provide a layered defense.
- We are discontinuing any further releases of the following Forefront-branded solutions:
- Forefront Protection 2010 for Exchange Server (FPE)
- Forefront Protection 2010 for SharePoint (FPSP)
- Forefront Security for Office Communications Server (FSOCS)
- Forefront Threat Management Gateway 2010 (TMG)
- Forefront Threat Management Gateway Web Protection Services (TMG WPS)
For all the details please see the following: http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx
J.C. Hornbeck | Knowledge Engineer | Management and Security Division
Get the latest System Center news on Facebook and Twitter:
App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/
The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity- support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/
We planned to purchase additional TMG for branches and what now? Buy a product that will not evolve? And where and how to migrate from the well-established infrastructure(VPN/Exchange/SPoint/etc.)?
I don't understand this attitude towards customers.
What will be the new architecture of enterprise network without TMG and FPE? What and where is a migration map to?
Are there plans for TMG2013 or other, future, TMG products or is TMG being discontinued altogether?
Could someone please provide a suggested migration map of the capabilities built into TMG for existing customers? Eg reverse web publishing -> MS UAG, boundary firewall -> built-in OS firewalls or third party paroduct, etc.
The Sophos (aka astaro) product line seems to have many of the same features.
Don't like to year that. However I like TMG2010 and FPE2010 and we use several licenced products in our company…
We really need migration map for TMG.
It's moments like this where Microsoft's actions are so confusing and don't add up.
From the announcement:
We are discontinuing any further releases of the following Forefront-branded solutions:
Forefront Protection 2010 for Exchange Server (FPE)
Forefront Protection 2010 for SharePoint (FPSP)
Forefront Security for Office Communications Server (FSOCS)
Forefront Threat Management Gateway 2010 (TMG)
Forefront Threat Management Gateway Web Protection Services (TMG WPS)
and…
"It is important to note that there are no significant changes to the Forefront Identity Manager or Forefront Unified Access Gateway roadmaps. These solutions continue to be actively developed. Forefront UAG 2010 SP2 was released in August 2012 and Forefront Identity Manager 2010 R2 was release in June 2012. "
In summary they are dropping TMG and keeping UAG, but…. UAG uses TMG…
“By default, Forefront Threat Management Gateway (TMG) is installing during Forefront Unified Access Gateway (UAG) Setup. Forefront TMG is installed as a complete product, and is not modified to run on a Forefront UAG server.” –technet.microsoft.com/…/ee522953.aspx
Using this logic TMG continues under the UAG roadmap… or the Forefront Product Teams don't have a grasp on their own products.
Another baited hook for Microsoft users. Keep this up MS, and will be forced to leave you.
stupid thing to drop TMG
My company uses ISA and TMG all over the place, reverse proxy, forward proxy and firewall features.
what a daft decision to kill TMG, but keep UAG, the most buggy product ever.
I am at a loss as to what one replaces it with. Any suggestions?
What should our customers with Full-Featured Deployments (incl. 3rd-Party ISAPI-Solutions) and Firewall-Client/-Service (THE big advantage for transparent, authenticated outbound access for tcp/udp-Connection) migrate to ? I CAN´T BELIEVE that all the features and techniques that TMG provides play no role in your shiny new On-Premises-Cloud-world ….
Maybe it would be a good idea to provide a migration path / evolutionary road FIRST and then discontinue / cancel core products in such an important area – SECURITY !
rgds,
Robert
Sadly, that's the proof of often heard critics: you can't do IT-Security.
Shame on you in discontinuing this absolutely great product! May the cloud rain no $ on you.
🙁
It a shame that TMG is killed.
So: Can we expect the quality of the web reputation service queries to start getting worse and worse, or is this service still being used in other MS products that will continue?
This whole thing is a shame, as we switched off of Websense not long ago, because the filtering in TMG was good enough for our needs.
it seems that we have to use linux. there is no alternative for tmg on windows systems. if M$ will kill good products this way maybe we'll start to use linux on desktop too.
So what happens to the SA I have been paying on Forefront TMG? Do I get a different product that doesn't do what I need it do or is there a refund cheque in the mail?
It's sad that they are killing this product. I have using it as our go to firewall for 8 years now. I'm happy with what it does. Now I'm looking at Cisco ASA for my firewall needs and Websense for filtering. In other words $$$$
It's crazy because TMG offers some fairly unique functionality as a solid authentication reverse proxy. I've worked at and with a number of large companies that use TMG, none of whom used UAG. Moreover, UAG is not as good as other SSL-VPN products, such as Juniper SA and is modeled for a different market.. If Microsoft think that UAG can address the use cases that TMG does, with the licensing model they use, together with UAG baggage, lowered security (EAL4 for TMG v EAL2 for UAG) and expect people to adopt it, they're deluding themselves…
Terrible decision… even worse than including the "interface formely known as Metro" in Server 2012.
I was absolutely stunned when I read the news about TMG being discontinued. Like many others I love the product for its great features at a reasonable price. TMG is a firewall, proxy, reverse proxy and malware filtering solution in one. So one thing went straight to my head; what do we need to offer our customers from now on when they ask for a solution providing all those features? Three different products (from different vendors)? Or a firewall appliance with expensive add-on modules? It definitely will be a solution which doesn't integrate as well as TMG does in Microsoft-based environments.
Come on Microsoft, you must be kidding us. Please change your mind as you're disappointing many, I say _MANY_ customers who trusted you since Proxy/ ISA Server.
+1 to above comment by Richard. I was due to deploy TMG for a client this month alongside Ex2010. Not now though. Same question over and over the interweb: what acts as the replacement? Tony Redmond on his blog seems to think that vendors such as KEMP are watching this space closely as it wouldn't take much to package the reverse proxy etc etc into other offerings. They did a great job with HLBs for CAS servers. thoughtsofanidlemind.wordpress.com/…/microsofts-new-security-product-strategy
Well, very good idea to kill TMG, if you want to loose some of you biggest partners like my company. As the result of these, we stoped many projects where we planed to install tmg and Uag for our coustumer. Now we install solutions like this from other partners. Nice Job Microsoft, i calculated you loose 2,112,000 US Dollar from License only in these projekts but many other will follw.
Security is one of the most important things in the IT, TMG is a very good reverse and "normal" proxy . The next Projekt, it will start in Nov 2012, we will install Cisco and Genua Solutions istead of TMG, also we will Change the Websolutions from Sharepoint to an Other Product. Please Calculate what you loose on your own : 32 * Windows Server 2008 Enterprise, 10 * TMG Enterprise, 4 * UAG Enterprise, Rest Sharepoint. 13,200 User cals …. and so on ….
You know what this means to me? FREE TMG FOR MY CUSTOMERS!!!! YAY!!!!
Maybe Microsoft are planing to buy someone else in this space….
Almost three weeks have passed since Microsoft dropped this news on their "Server & Cloud Blog". This news only is bad enough. But this silence since then is even worse, I do not know what to tell my customers.
Please name us an alternative to do forwarding proxy with integrated authentication (just to name one feature)
Please!
..and now it's almost four weeks. Dropping news like that and then not following up on legitimate questions from real customers just shows a lack of respect. Come on Microsoft, can you please elaborate on your plans? Will some of the TMG features be picked up by UAG? Will there be some form of compensation for SA customers now that the value of the SA subscription is lowered?
You are killing one of the most loved products withou any information about replacement!
We us TMG also to protect our whole cloud infrastructure we are providing for thousands of customers.
Customers feel very secure behind TMG.. so why the hell do you discontinue one of the promissing products you ever made?
Can Microsoft please advise its customers how they are supposed to tackle the problems that discontinuing TMG will have for future deployments. We deploy a large amount of infrastructures to schools and use TMG to publish OWA and SharePoint externally rather than publishing the CAS and SPFE servers directly. How would Microsoft propose that we get around this massive problem without having to increase costs substantially for our customers?
the decision to eliminate tmg is really stupid was a great product for firewalls, proxies, etc..
I tested UAG and is a product ridiculous buggy
MICROSOFT – Why has no one replied to the many comments on this. What is the suggested road map/path for people to take who use or were going to use TMG?
We have been using Forefront TMG / ISA since it was released several years back with great success, and are happy to report that we've had no major security incidents on our network. for the past 12 years. Discovering yesterday that the product has been discontinued (when I went to renew our VLA for malware filter) with no roadmap is of great stress on our non-profit agency's limited budget. We are now facing not only expensive security consulting but also a re-design of our entire infrastructure wrapped our Forefront TMG publishing rules. We have been 99% Microsoft for over a decade and are not a happy customer.
TMG was a great product. Used ISA for years. How there is no replacement or posts that say here is is how we want you to do it now really sucks,
I can't think of one good reason TMG was killed.
Nobody really liked UAG
Does anyone in the product group or anyone from Microsoft can answer that will change in roadmapie security products.
Will there be a successor TMG?? …. So really the whole point of rewriting the TCP stack in WIN 2012 Server R2
Our 3000 Clients moved to Open source solutions, because Microsoft discontinue the MS products frequently and very expensive products. No one like to go on cloud for the products which can be implemented on-premises. Damn! Our 9000 hosting users moved
from Exchange and O365 to Zimbra other Mail solutions. Our System admins learning Linux… Whats going on Microsoft???
Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition Дата начала жизненного цикла 17.10.2006 так конечно дата окончания расширенной поддержки 10.01.2017.Сделайте хотя бы дату окончания расширенной поддержки Forefront продукта в 2021 году:)