Forefront Threat Management Gateway (TMG) 2010 Web Protection Service
Forefront TMG 2010 is the new name of Microsoft ISA Server and while it provides several enhancements to existing Web Proxy, Cache and Firewall capabilities, one of the most significant additional is Web Protection Service and Network Inspection System.
The following new features are included:
- Web anti-malware is part of a Web Protection subscription service for Forefront TMG. Web anti-malware scans Web pages for viruses, malware, and other threats.
- URL filtering allows or denies access to Web sites based on URL categories (such as pornography, drug, hate, or shopping). Organizations can not only prevent employees from visiting sites with known malware, but also protect business productivity by limiting or blocking access to sites that are considered productivity distractions. URL filtering is also part of the Web Protection subscription service.
- E-mail protection subscription service—Forefront TMG provides an e-mail protection subscription service, based on technology integrated from Forefront Protection 2010 for Exchange Server. Forefront TMG serves as a relay for SMTP traffic, and scans e-mail for viruses, malware, spam and content (such as executable or encrypted files) as it crosses the network.
- Network Inspection System (NIS) enables traffic to be inspected for exploits of Microsoft vulnerabilities. Based on protocol analysis, NIS can block classes of attacks while minimizing false positives. Protections can be updated as needed.
- HTTPS inspection enables HTTPS-encrypted sessions to be inspected for malware or exploits. Specific groups of sites, for example, banking sites, can be excluded from inspection for privacy reasons. Users of the Forefront TMG Client can be notified of the inspection.
- Enhanced Network Address Translation (NAT) enables you to specify individual e-mail servers that can be published on a 1-to-1 NAT basis.
- Enhanced Voice over IP support includes SIP traversal, enabling simpler deployment of Voice over IP within the network.
In order to enable Web Protection Service of TMG 2010, customers would need a per user subscription license for the service in addition to TMG 2010 Standard or Enterprise Edition Processor License. For TMG 2010 licensing and pricing information please click here
TMG 2010 also provide good reporting capabilities in the following categories:
Fig. 1: Category Report
Find below the screenshots of further drill-down into each of the above category areas:
![clip_image002[5]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/68/90/metablogapi/5102.clip_image0025_6EB19FE4.jpg "clip_image002[5]")
Fig. 2: Summary Report
![clip_image002[9]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/68/90/metablogapi/3073.clip_image0029_5F8A9B3D.jpg "clip_image002[9]")
Fig. 3: Web Usage Report
![clip_image002[11]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/68/90/metablogapi/4628.clip_image00211_6CE08876.jpg "clip_image002[11]")
Fig. 4: Application Usage Report
![clip_image002[13]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/68/90/metablogapi/5732.clip_image00213_68E30E19.jpg "clip_image002[13]")
Fig. 5: Traffic & Utilization Report
Fig. 6: Security Report
![clip_image002[15]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/68/90/metablogapi/1263.clip_image00215_47631CE3.jpg "clip_image002[15]")
Fig. 7: Malware Protection Report
![clip_image001[5]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/68/90/metablogapi/1856.clip_image0015_188D3E74.png "clip_image001[5]")
Fig. 8: URL Filtering Report
![clip_image002[17]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/68/90/metablogapi/1460.clip_image00217_45920575.jpg "clip_image002[17]")
Fig. 9: Network Inspection System Report
For complete list of features available in TMG 2010 please click here
If you are using a third-party product for URL Filtering/Web Protection with ISA Server or TMG 2010, we highly recommend you to start evaluating TMG 2010 native capabilities which will not only provide better performance and support, but overall cost will also reduce.