Overview of Web publishing concepts

Microsoft Forefront Threat Management Gateway Web publishing makes Web content securely available to groups of users or to all users who send requests to your organization from the Internet. The Web content requested is typically stored on Web servers in the Internal network or in a perimeter network (also known as a screened subnet or a demilitarized zone (DMZ)).

With Web publishing rules, you can allow or deny requests based on defined access policies. You can restrict access to specified users, computers, or networks, require user authentication, and inspect the traffic. Content caching enables Forefront TMG to cache Web content and to respond to user requests from the cache without forwarding the requests downstream to the published Web server. This type of content caching is called reverse caching.

Web publishing rules have many features that determine how client Web requests are passed to the published Web servers, including the following:

  • Mapping requests to specific internal paths to limit the portions of your Web servers that can be accessed.
  • Delegation of user credentials for authenticating Forefront TMG to the Web server after authentication by Forefront TMG, without requiring users to supply their credentials for a second time.
  • Link translation for replacing internal host names and paths in Web content with public names and external paths.
  • Secure Sockets Layer (SSL) bridging, which enables Forefront TMG to inspect incoming HTTPS requests and then forward them to the Web server over an encrypted SSL channel.
  • Load balancing of client requests among the Web servers in a server farm, with maintenance of client affinity for increased availability and improved performance.
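
The path mapping and link translation features listed above can be pictured with the following added example. It is a generic reverse-proxy sketch, not Forefront TMG code or configuration; the host names, paths, the `map_request` and `translate_links` helpers, and the choice to rewrite links to HTTPS are all assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample rule: public path prefix -> (internal host, internal prefix).
# All names here are hypothetical and are not taken from Forefront TMG.
PUBLIC_HOST = "www.example.com"
PATH_MAPPINGS = {
    "/support/": ("web01.corp.internal", "/apps/helpdesk/"),
    "/docs/": ("web02.corp.internal", "/public/docs/"),
}


def map_request(public_path):
    """Return (internal_host, internal_path), or None when the path is denied."""
    decoded = unquote(public_path)
    # Refuse input that is still ambiguous after one decoding pass
    # (double encoding, backslashes, NUL bytes).
    if any(ch in decoded for ch in ("%", "\\", "\x00")):
        return None
    # Normalize before matching so "/support/../admin" cannot pass the prefix check.
    normalized = posixpath.normpath(decoded)
    if decoded.endswith("/") and normalized != "/":
        normalized += "/"
    for prefix, (host, internal_prefix) in PATH_MAPPINGS.items():
        if normalized.startswith(prefix):
            return host, internal_prefix + normalized[len(prefix):]
    return None  # unmapped portions of the Web servers stay unreachable


def translate_links(body):
    """Replace internal host names and paths in content with public ones."""
    for prefix, (host, internal_prefix) in PATH_MAPPINGS.items():
        internal_url = re.compile(
            r"https?://" + re.escape(host) + re.escape(internal_prefix))
        body = internal_url.sub("https://" + PUBLIC_HOST + prefix, body)
    return body


if __name__ == "__main__":
    print(map_request("/support/tickets/42"))
    print(map_request("/support/%2e%2e/admin/"))
    print(translate_links(
        '<a href="http://web01.corp.internal/apps/helpdesk/faq.html">FAQ</a>'))
```
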

See the following topics for more information about specific features of Web publishing: