About encrypting the connection to the published server

When you publish Web servers or server farms, you can select whether Microsoft Forefront Threat Management Gateway (Forefront TMG) uses SSL connections to communicate with the Web server or server farm. When unencrypted HTTP connections are used, data sent from Forefront TMG to the Web server may be sent in plaintext. This includes the client credentials needed for authentication to the Web server, depending on the credentials delegation method. Such data could be intercepted and read by a user on the same network as the Web server or server farm. When you choose to use SSL for connections with the Web server or server farm, traffic sent from Forefront TMG to the Web server or server farm is encrypted and sent by using the HTTPS protocol.

The use of SSL requires that you install an SSL server certificate on the Web server or on each server in a server farm. The name on the certificate must match the internal site name in the Web publishing rule. For more information about obtaining and installing SSL server certificates, see Configuring server certificates for secure Web publishing.
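
A pre-deployment check for the name-matching requirement above, added here as an illustration and not taken from Forefront TMG or its documentation. It takes a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()` and tests it against the internal site name from the Web publishing rule. The matching rules (DNS subjectAltName entries preferred over the common name, `*` only as the whole leftmost label, DNS names only) follow common RFC 6125 practice and are an assumption, not a statement of how Forefront TMG validates; all host names and sample certificates are constructed.

```python
# Added example: compare a published server's certificate names with the
# internal site name of a Web publishing rule. All names are constructed.

def cert_dns_names(cert):
    """Return DNS names from a dict shaped like ssl.SSLSocket.getpeercert().

    subjectAltName DNS entries take precedence; the subject commonName is
    used only when no DNS SAN entry exists (RFC 6125 practice, assumed here).
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs at least two more.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_internal_site_name(cert, internal_site_name):
    """Return (ok, names) so a mismatch can be reported with what was found."""
    names = cert_dns_names(cert)
    return any(name_matches(n, internal_site_name) for n in names), names


# Constructed sample certificates (not taken from any real server).
GOOD = {"subject": ((("commonName", "web01.corp.example"),),),
        "subjectAltName": (("DNS", "web01.corp.example"),
                           ("DNS", "intranet.corp.example"))}
WILDCARD = {"subject": ((("commonName", "*.corp.example"),),)}
PUBLIC_ONLY = {"subject": ((("commonName", "www.example.com"),),),
               "subjectAltName": (("DNS", "www.example.com"),)}

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("wildcard", WILDCARD),
                        ("public-only", PUBLIC_ONLY)):
        ok, names = check_internal_site_name(cert, "intranet.corp.example")
        print(f"{label:12} {'OK' if ok else 'MISMATCH'}  cert names: {names}")
```

The `PUBLIC_ONLY` case models a certificate issued for the external name only, which fails when the publishing rule's internal site name is a different host name.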

We recommend that you select the SSL option, because this is a more secure configuration, particularly when you use a plaintext authentication delegation method, such as the option for Basic authentication.