Access design guide for Forefront TMG

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

The access design guide for Forefront TMG is intended to help you plan for secure access to the web, and to internal corporate resources, after Forefront TMG has been installed. It guides you through the design process, and provides information that will help you make the access design choices that are appropriate for your business goals, and for your environment.

About this guide

This guide is intended for the system administrator or security officer who is responsible for controlling and securing Internet access and access to resources on the internal network. It is assumed that the reader of this guide is familiar with the concepts of authentication, network access, web access, web and server publishing, and virtual private networks.

Identifying and mapping your Internet and remote access design goals

The following table is designed to help you identify your Forefront TMG Internet and remote access design goals. After you identify the goals that are appropriate for your organization, you can map them to the relevant Forefront TMG design, or designs.

| Design goal | Forefront TMG designs |
| --- | --- |
| Prepare authentication infrastructure. | Web access; Web publishing. For information, see Overview of authentication in Forefront TMG. |
| Control access to and from your internal network. | Forefront TMG policies and rule sets: Firewall policy; System policy; Network rules. For information, see Planning to control network access. |
| Control and protect internal users accessing the Internet. | Web access control; Web traffic inspection and filtering; Web access acceleration. For information, see Planning for web access. |
| Make internal applications and services available to internal and external users. | Web server publishing; Non-web server publishing. For information, see Planning for publishing. |
| Improve performance and response times for web requests from the Internet, and from published web servers. | Web caching. For information, see Planning to cache Web content. |
| Improve performance and response times for branch office clients that request content over a wide area network. | BranchCache. For information, see Planning for BranchCache (SP1). |
| Enable cost-effective, secure, remote access to your internal network. | Remote access virtual private network (VPN); Site-to-site VPN. For information, see Planning for virtual private networks. |
| Enable the use of Internet telephony through Forefront TMG. | Voice over IP (VoIP). For information, see Preparing to enable VoIP through Forefront TMG. |

Concepts

Setting up access to the Internet and corporate resources
Forefront TMG Planning and Design