Access rules

One of the primary functions of Microsoft Forefront Threat Management Gateway is to connect between source and destination networks, while protecting from malicious access. To facilitate this connectivity, you use Forefront TMG to create access rules that allow or deny clients on a source network to access specific computers on a destination network. Generally, you use access rules to control outbound protocols that specify how internal clients access resources in other networks.

When Forefront TMG processes an outbound access request, it checks network rules and access rules to determine if the request is allowed. For more information about network rules, see About network relationships and firewall policy. Forefront TMG checks access rules in the order that they appear in the firewall policy pane of Forefront TMG Management. For more information about access rule evaluation, see Overview of firewall policy and Firewall policy best practices.