What is Microsoft's Forefront Threat Management Gateway?

Keith AlabasterEnterprise Architect
Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (the IAG product from Whale Technologies) to name but a few. This manifests itself now into three core areas which are:

Forefront Client security;
Forefront for Sharepoint and Forefront for Exchange; and finally,
Forefront Edge - Forefront Threat Management Gateway and the Unified Access gateway or UAG for short.

The Forefront Threat management Gateway - or FTMG - is the replacement for ISA Server 2006 SP1 and is currently in its RC or Release Candidate stage. The next stages will include RTM or Release to Manufacturer before being made publicly available within the next two - three months.

There are some significant differences to the new version, not least of which is that FTMG is only available to run on a 64-bit operating system. Another key point to note is that FTMG is not supported on a Domain Controller. Actually, to be more specific, FTMG cannot even installed on a system that is a Domain Controller although, strangely, the pre-installation checks that are now familiar within many Microsoft installation CDs all pass successfully. However, once the installation commences, an error message will be seen when the host server tried to create the required services forcing a rollback to be undertaken.

Graphically speaking FTMG is quite similar to ISA Server 2006 in its design with an options window for core components down the left hand side of the screen although the position and names of various options have changed. Improved logical grouping has been achieved - for example, the FTMG real time viewer that allows monitoring of traffic has been grouped with the reporting tab. In addition, each main option selected from the left-hand table provides many options across the top of the viewing window. These common sense changes now make most of the options available and in clear site through a reduced number of mouse clicks. This reduces the irksome process of having to drill down through the options to find some hidden away tick box and makes for a much cleaner layout and simplified interface.

Options are available within FTMG for pre-download checks for malware and spyware although this will likely be subscription based at a later stage.

A very positive step has been the inclusion of pre-populated content filters based on categories. The obvious ones such as porn, racism, terrorism are all present and the ability to add additional categories is provided.
An evaluation copy of Forefront Threat Management Gateway is available from the Microsoft Forefront home pages which can be found here.


ISA Forefront MVP
Keith AlabasterEnterprise Architect

Comments (1)

tigermattStaff Platform Engineer
Most Valuable Expert 2011

Thanks for the article Keith. Voted Yes above!

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.