Planning for updates of protection definitions

Published: November 15, 2009

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Some Forefront TMG protection mechanisms use Microsoft product updates to keep protection definitions constantly updated. These include:

Updated definition files are provided by Microsoft Update and are subject to licensing. For licensing information, see How to Buy (

You can select to update definition files by either of the following methods:

  • Microsoft Update—Updates that are released through Microsoft Update are installed on the Forefront TMG computer.

  • Windows Server Update Services (WSUS)—For Forefront TMG arrays, you can deploy WSUS in the network where Forefront TMG is deployed. A single server downloads the updates that are released through Microsoft Update, and distributes the updates to all the Forefront TMG computers in the network. This is the recommended update method for Forefront TMG arrays, because it provides centralize management, and saves time and network bandwidth. For more information, see Microsoft Windows Server Update Services 3.0 Overview (

    • You can select to use Microsoft Update if the update from WSUS fails.

    • If you join a production Forefront TMG server to an array, download the updates onto the server before joining it to the array.

Related Topics