Microsoft Forefront Threat Management Gateway

Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly known as Microsoft Internet Security and Acceleration Server (ISA Server), is a discontinued network router, firewall, antivirus program, VPN server and web cache from Microsoft Corporation. It ran on Windows Server and worked by inspecting all network traffic that passed through it.


Features

Microsoft Forefront TMG offers a set of features which include:

# Routing and remote access features: Microsoft Forefront TMG can act as a router, an Internet gateway, a virtual private network (VPN) server, a network address translation (NAT) server and a proxy server.
# Security features: Microsoft Forefront TMG is a firewall which can inspect network traffic (including web content, secure web content and emails) and filter out malware, attempts to exploit security vulnerabilities and content that does not match a predefined security policy. In a technical sense, Microsoft Forefront TMG offers application layer protection, stateful filtering, content filtering and anti-malware protection.
# Network performance features: Microsoft Forefront TMG can also improve network performance. It can compress web traffic to improve communication speed. It also offers web caching: it can cache frequently accessed web content so that users can access it faster from the local network cache. Microsoft Forefront TMG 2010 can also cache data received through Background Intelligent Transfer Service, such as updates of software published on the Microsoft Update website.


History


Microsoft Proxy Server

The Microsoft Forefront Threat Management Gateway product line originated with Microsoft Proxy Server. Developed under the code-name "Catapult", Microsoft Proxy Server v1.0 was first launched in January 1997, and was designed to run on Windows NT 4.0. Microsoft Proxy Server v1.0 was a basic product designed to provide Internet access for clients in a LAN environment via TCP/IP. Support was also provided for IPX/SPX networks (primarily used in legacy Novell NetWare environments), through a WinSock translation/tunnelling client which allowed TCP/IP applications, such as web browsers, to operate transparently without any TCP/IP on the wire. Although well-integrated into Windows NT4, Microsoft Proxy Server v1.0 only had basic functionality, and came in only one edition. Extended support for Microsoft Proxy Server v1.0 ended on 31 March 2002.

Microsoft Proxy Server v2.0 was launched in December 1997, and included better NT account integration, improved packet filtering support, and support for a wider range of network protocols. Microsoft Proxy Server v2.0 exited the extended support phase and reached end of life on 31 December 2004.


ISA Server 2000

On 18 March 2001, Microsoft launched Microsoft Internet Security and Acceleration Server 2000 (ISA Server 2000). ISA Server 2000 introduced the Standard and Enterprise editions, with Enterprise-grade functionality such as High-Availability Clustering not included in the Standard Edition. ISA Server 2000 required Windows 2000 (any edition), and will also run on Windows Server 2003. In accordance with Microsoft's Support Lifecycle Policy, ISA Server 2000 was the first ISA Server product to use the 10-year support lifecycle, with five years of Mainstream support and five years of Extended support. ISA Server 2000 reached End of Life on 12 April 2011.


ISA Server 2004

Microsoft Internet Security and Acceleration Server 2004 (ISA Server 2004) was released on 8 September 2004. ISA Server 2004 introduced multi-networking support, integrated virtual private networking configuration, extensible user and authentication models, application layer firewall support, Active Directory integration, SecureNAT, and improved reporting and management features. The rules-based configuration was also considerably simplified compared with the ISA Server 2000 version. ISA Server 2004 Enterprise Edition included array support, integrated Network Load Balancing (NLB), and Cache Array Routing Protocol (CARP).

One of the core capabilities of ISA Server 2004, dubbed Secure Server Publishing, was its ability to securely expose internal servers to the Internet. For example, some organizations use ISA Server 2004 to publish their Microsoft Exchange Server services such as Outlook Web Access (OWA), Outlook Mobile Access (OMA) or ActiveSync. Using the Forms-based Authentication (FBA) authentication type, ISA Server can be used to pre-authenticate web clients so that traffic from unauthenticated clients to published servers is not allowed.

ISA Server 2004 is available in two editions, Standard and Enterprise. Enterprise Edition contains features enabling policies to be configured on an array level, rather than on individual ISA Servers, and load-balancing across multiple ISA Servers. Each edition of ISA Server is licensed per processor. (The version included in Windows Small Business Server 2000/2003 Premium includes licensing for 2 processors.) ISA Server 2004 runs on Windows Server 2003 Standard or Enterprise Edition. Appliance hardware containing Windows Server 2003 Appliance Edition and ISA Server Standard Edition is available from a variety of Microsoft Partners.


ISA Server 2006

Microsoft Internet Security and Acceleration Server 2006 (ISA Server 2006) was released on 17 October 2006. It is an updated version of ISA Server 2004, and retains all features from ISA Server 2004 except Message Screener. ISA Server 2006 introduced new features including:

* Support for Exchange Server 2007 (referred to as "Exchange 12" in the Microsoft ISA Server 2006 Evaluation Guide)
* New configuration wizards for various tasks such as setting up a "site-to-site VPN connection", publishing SharePoint services, publishing websites and creating firewall rules
* Introduction of single sign-on for groups of published web sites
* Improvements to user authentication including the addition of LDAP Authentication support
* Resistance to flood attacks, to protect the ISA server from being "unavailable, compromised, or unmanageable during a flooding attack."
* Performance features such as BITS Caching, Web Publishing Load Balancing and HTTP compression

ISA Server Appliance Edition

Microsoft also offered ISA Server 2006 Appliance Edition. It was designed to be pre-installed onto OEM hardware (server appliances) sold by hardware manufacturers as a stand-alone firewall-type device. Along with Appliance Edition, ISA Server 2006 Standard Edition and Enterprise Edition were available in preconfigured hardware.


Microsoft Forefront TMG MBE

Microsoft Forefront Threat Management Gateway Medium Business Edition (Forefront TMG MBE) is the next version of ISA Server, which is also included with Windows Essential Business Server. This version only runs on the 64-bit edition of Windows Server 2008 and does not support Enterprise edition features such as array support or Enterprise policy. Mainstream support for Forefront TMG MBE ended on 12 November 2013.


Microsoft Forefront TMG 2010

Microsoft Forefront Threat Management Gateway 2010 (Forefront TMG 2010) was released on 17 November 2009. It is built on the foundation of ISA Server 2006 and provides enhanced web protection, native 64-bit support, support for Windows Server 2008 and Windows Server 2008 R2, malware protection and BITS caching. Service Pack 1 for this product was released on 23 June 2010. It includes several new features to support the Windows Server 2008 R2 and SharePoint 2010 lines of products. Service Pack 2 for this product was released on 10 October 2011.

On 9 September 2012, Microsoft announced that no further development would take place on Forefront Threat Management Gateway 2010 and that the product would no longer be available for purchase as of 1 December 2012. Mainstream support ceased on 14 April 2015 and extended support ended on 14 April 2020.


See also

* Microsoft Servers
* Microsoft Forefront
* Microsoft Forefront Unified Access Gateway


External links

* TMG TechCenter
* Forefront TMG (ISA Server) Product Team Blog
* Richard Hicks' Forefront TMG Blog