System requirements

To install Microsoft Forefront Threat Management Gateway, you need:

  • A computer with a 64-bit processor.
  • Windows Server® 2008 64-bit operating system. You cannot install Forefront TMG on 32-bit versions of Windows Server 2008.
  • 1 gigabyte (GB) or more of memory.
  • 150 MB of available hard disk space. This is exclusive of hard disk space that you want to use for caching or for temporarily storing files during malware inspection.
  • One network adapter that is compatible with the computer's operating system, for communication with the Internal network.
  • An additional network adapter for each network connected to the Forefront TMG computer.
  • One local hard disk partition that is formatted with the NTFS file system.

  • Forefront TMG installed in an Essential Business Server scenario drops all IPv6 traffic. After Forefront TMG is installed, note the following:
    • Forefront TMG denies all IPv6 traffic.
    • ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is disabled.
    • The 6to4 interface is disabled. This mechanism allows IPv6 packets to be transmitted over an IPv4 network.
    • Whenever the Forefront TMG Control service restarts, the Forefront TMG server reregisters with DNS to ensure that only an A record is registered for the server, and no AAAA (IPv6) record. It also clears the DNS, Address Resolution Protocol (ARP), and Neighbor Discovery (the IPv6 equivalent of ARP) caches.
  • Changing the Forefront TMG installation folder is not supported.
  • By default, Forefront TMG is configured to log to a local SQL Server® Express database. Forefront TMG installs a number of SQL Server Express components, including an instance for logging and an instance for reporting.
  • Forefront TMG installs the Web Server (IIS) role. Note that this component is not removed if Forefront TMG is uninstalled.
  • Services and driver files installed by Forefront TMG are placed in the Forefront TMG installation folder.
  • You can use Forefront TMG on a computer that has only one network adapter. Typically, you will do so when another firewall is located on the edge of the network, connecting your corporate resources to the Internet. In this single-adapter scenario, Forefront TMG typically functions to provide an additional layer of application filtering protection to published servers or to cache content from the Internet. For more information, see About single network adapter limitations.
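
To confirm the IPv6 behaviour listed above (ISATAP and 6to4 disabled, no AAAA record registered for the server), the following check can be run on the Forefront TMG computer. It is an added example, not part of the original documentation or of Forefront TMG; the function names are hypothetical, and it assumes that `netsh` prints the state on a line of the form `... State : <value>` and that `nslookup` separates its DNS server header from the answer with a blank line.

```powershell
# Added example: verify the post-install IPv6 state described above.
# Run in an elevated PowerShell session on the Forefront TMG computer.

function Get-TransitionState([string]$Technology) {
    # $Technology is 'isatap' or '6to4'.
    # Assumption: netsh prints a line such as "ISATAP State : disabled".
    $line = @(& netsh interface $Technology show state 2>&1) |
        Where-Object { $_ -match 'State\s*:' } | Select-Object -First 1
    if (-not $line) { return 'unknown' }
    return ($line -replace '^.*:\s*', '').Trim().ToLower()
}

function Get-AaaaAnswers([string]$Name) {
    # Ask the configured DNS server for AAAA records only.
    $lines = @(& nslookup "-type=AAAA" $Name 2>$null)
    $seenBlank = $false
    $hits = @()
    foreach ($l in $lines) {
        # Skip the "Server:/Address:" header (ends at the first blank line) so
        # that a DNS server with an IPv6 address is not mistaken for an answer.
        if (-not $seenBlank) {
            if ("$l".Trim() -eq '') { $seenBlank = $true }
            continue
        }
        # Any IPv6-looking token in the answer section counts as an AAAA record.
        if ("$l" -match '[0-9a-fA-F]{1,4}:[0-9a-fA-F:]{2,}') { $hits += $Matches[0] }
    }
    return $hits
}

# Fully qualified name of this server, as registered in DNS.
$fqdn = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName

$isatap    = Get-TransitionState 'isatap'
$sixToFour = Get-TransitionState '6to4'
$aaaa      = @(Get-AaaaAnswers $fqdn)

"ISATAP state         : $isatap"
"6to4 state           : $sixToFour"
"AAAA records for $fqdn : $($aaaa.Count) $($aaaa -join ', ')"

# Anything other than 'disabled' or a non-empty AAAA answer deviates from the
# state this page says Forefront TMG enforces.
if ($isatap -ne 'disabled' -or $sixToFour -ne 'disabled' -or $aaaa.Count -gt 0) {
    Write-Warning 'IPv6 state differs from the documented post-install configuration.'
    exit 1
}
'IPv6 state matches the documented post-install configuration.'
```

Because the server reregisters with DNS each time the Forefront TMG Control service restarts, rerunning the check after a service restart shows whether an AAAA record added in the meantime has been cleared.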