Forefront Online Protection for Exchange Gateway Release Notes


Applies to: Forefront Protection for Exchange

Topic Last Modified: 2009-11-05

Microsoft® Forefront Online Protection for Exchange Gateway Release Notes

(Build 0677.0)

Thank you for using Microsoft Forefront Online Protection for Exchange (FOPE) Gateway server, a component of Microsoft Forefront Protection 2010 for Exchange Server (FPE). This Release Notes file contains important information regarding the current version of the product. It is highly recommended that you read the entire document.

This topic contains the following information:

  1. This release of the FOPE Gateway cannot be managed by Microsoft Forefront Protection Manager.

  2. The program folder and the data folder must be different. If they are the same, the installation completes with no errors, but the product will not work.

  3. Installing FPE and the FOPE Gateway in the same directory will prevent the products from operating correctly and is not supported.

  4. If the Forefront Online Protection for Exchange (FOPE) Gateway is installed on a different server than FPE, the FOPE sync status widget in the user interface will not display the last sync time.

    FOPE credentials must be entered prior to importing configuration settings that include FOPE configuration settings.
  5. An upgrade from the RC version of the FOPE Gateway is not supported. Uninstall the RC version and then install the RTM version.

Build 0677.0:

  1. Added support for managing the FOPE Gateway from the Forefront Protection 2010 for Exchange Server Administrator Console.

  2. Added support for retrieving reporting data from the FOPE service and displaying this data in the user interface and via Windows PowerShell.

  3. Added support for enabling the FOPE Gateway to be installed on the same server as FPE.

  1. FOPE will not accept policies that contain incomplete e-mail addresses or domains and will return an error. Ensure that your antispam policies that have been configured on premises do not contain any invalid or incomplete domains (for example, abc) or e-mail addresses (for example, test@abc).

  2. FOPE has a Directory Synchronization Tool available for download that synchronizes the on-premises AD with the FOPE service and uses this information to do recipient validation to improve antispam filtering. This tool is currently only supported in English for an English operating system. For more information on the tool and supported scenarios, refer to the FOPE documentation.

  3. If the FOPE Gateway is installed on a standalone server, the tracing functionality is not enabled by default. To enable this functionality, the administrator must navigate to the FOPE Gateway program folder, and then double click the logman_on.cmd utility under the Data folder. If the FOPE is installed on a server that already has FPE installed, then the FOPE Gateway tracing functionality is automatically enabled and writes to the same programlog.etl log file as FPE.

  4. If you make a change in your environment and proxy server credentials are no longer needed for the FOPE Gateway to use a proxy server to access the Internet, clearing the credential information in the FPE Administrator Console will not clear the credentials that persist in the FOPE Gateway. To properly clear the credentials:

    1. In the Forefront Protection 2010 for Exchange Server Administrator Console, in the Policy Management view, click Online Protection and then click Configure. In the Online Protection – Configure pane, uncheck Enable Proxy Settings and click Save at the top of the pane. This will remove all the proxy settings on the UNRESOLVED_TOKEN_VAL(ffonlineshort) Gateway.

      This action will cause the UNRESOLVED_TOKEN_VAL(ffonlineshort) Gateway to attempt to sync with the UNRESOLVED_TOKEN_VAL(ffonlineshort) service and will return an error if the UNRESOLVED_TOKEN_VAL(ffonlineshort) Gateway still has to go through a proxy to connect to the service. Disregard this error and proceed to the next step.
    2. Recheck Enable Proxy Settings in the Online Protection - Configure pane, re-enter the proxy address and port, and remove all credential information for the Proxy Server. Click Save to save the settings in the FPE Administrator Console and in the UNRESOLVED_TOKEN_VAL(ffonlineshort) Gateway.

The documentation for this product is distributed in .chm format and is provided with this package. After installation, access help either from the FPE Administrator Console or use the F1 key when running the FPE Administrator Console.

Regularly updated lists of frequently asked questions are available on Microsoft's Web site (

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2009 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Forefront, SharePoint, Windows, Windows NT, Windows Vista, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.