Configuring cache rules
Microsoft Forefront Threat Management Gateway cache rules specify the types of content stored in the cache and how objects are served from the cache. Configure cache rules using the New Cache Rule Wizard as follows:
In the Forefront TMG Management console tree, click Web Access Policy.
On the details pane, click the Web Access Policy tab.
On the Tasks tab, click Configure Web Caching.
On the Cache Rules tab, click New.
On the Welcome page of the New Cache Rule Wizard, specify a name for the cache rule. Then complete the wizard as outlined in the following table.
Page Field or Property Setting or Action
Cache Rule Destination
Add, Edit, Remove
Add, modify or delete a single Web site, a set of Web sites, or a network to which the cache rule should be applied.
Only if a valid version of the object exists in the cache. If no valid version exists, route the request to the server
If a valid cached object is available, serve it from the cache. Otherwise, request the object from the Web site.
If any version of the object exists in the cache. If none exists, route the request to the server
Serve any version of the object from the cache. If the object is not cached, request the object from the Web site.
If any version of the object exists in the cache. If none exists, drop the request (never route the request to the server)
Serve any version of the object from the cache. If the object is not cached, drop the request and return an error page.
Never, no content will ever be cached.
Content returned to the user with this rule will never be cached.
If source and request headers indicate to cache
Content returned to the user with this rule will be cached if headers indicate caching.
If source and request headers indicate caching, cache retrieved objects even if they are marked as not cacheable.
Content for offline browsing (302, 307 responses)
If source and request headers indicate caching, cache content with 302 and 307 codes.
Content requiring user authentication for retrieval
If source and request headers indicate caching, cache content requested by authenticated users. Content is then served from the cache without verifying access permissions, and non-authenticated users may be able to access it.
Cache Advanced Configuration
Do not cache objects larger than
The maximum size of objects cached for this rule.
Cache SSL responses
Caches SSL responses for SSL bridged traffic. SSL tunneled traffic is not cached. This effectively means that you can cache SSL traffic in reverse caching scenarios, where internal Web sites are published over SSL, and the SSL request is terminated on the Forefront TMG firewall. Outgoing SSL requests to the Internet cannot be cached.
Enable HTTP caching
Cache requested HTTP objects.
Set TTL of objects (% of the content age)
Keep HTTP objects valid in the cache according to TTL settings. TTL settings are based on the TTL defined in the response header and the TTL boundaries defined in the cache rule. The percent of the content age is a percentage of the time of the content's existence. The higher the percentage, the less frequently the cache is updated.
No less than
The minimum amount of time that the HTTP object remains in the cache.
No more than
The maximum amount of time that the HTTP object remains in the cache.
Also apply these TTL boundaries to sources that specify expiration
Even if the source contains expiration data, its TTL will be overridden if it is not within the specified TTL boundaries.
Enable FTP caching
Cache requested FTP objects.
Time-To-Live for FTP objects
The object expires in the cache when the TTL runs out, and content is returned from the cache in accordance with the negative caching configuration settings.