What’s a Threat Management Gateway?




Microsoft’s Forefront Threat Management Gateway (TMG) is a unified threat management software system that acts as an edge server, providing security services such as firewall, email filtering, virus monitoring, and more. It was first introduced as a basic Internet access server for LANs in the late 1990s and has since evolved to include packet filtering firewall, routing and network address translation (NAT), and virtual private network (VPN) capabilities. TMG also includes stateful filtering, application inspection, e-mail checking, and malicious software inspection functions, as well as features that improve network performance, such as web traffic compression, web caching, and Background Intelligent Transfer Service (BITS). The TMG client software intercepts outgoing requests and sends them to the TMG for rule application before forwarding them out of the network.

A threat management gateway (TMG) is the unified threat management (UTM) software system created by Microsoft® Corporation as part of its Forefront® security software suite. This component is often referred to as Forefront® TMG. TMG software is known as an edge server, as it sits at the edge of a computer network, monitoring incoming or outgoing network traffic. It provides a number of security services including firewall, email filtering, virus monitoring and more.

The first such offering from Microsoft® was a proxy server in the late 1990s. This initial offering was a basic Internet access server for a local area network (LAN), but later versions included a packet filtering firewall. As the product continued to develop, it was rebranded in 2001 to Microsoft® Internet Security and Acceleration Server (ISA) and given the ability to link with others of its kind to provide accelerated services. Further developments led to the product being renamed Forefront® Threat Management Gateway in 2008.

As a gateway device, Forefront® TMG maintains its origins as a general Internet access server for a Microsoft® Windows® LAN. This gives the core TMG software the ability to perform routing and network address translation (NAT), which helps direct traffic within the network. By acting as a bridge to other secure networks, Forefront® software can also be used to establish a virtual private network (VPN) to connect to other remote gateways.

With regard to security, the Threat Management Gateway takes on several roles. A stateful packet filtering firewall establishes rules for packet inspection and connection monitoring. In addition to stateful filtering, Forefront® TMG adds an application inspection method that checks specific software and services running on servers and clients within the LAN it is protecting. TMG's many activities also include e-mail checking for spam and a malicious software inspection function to prevent the spread of viruses or other software that could compromise network security and stability.

Additional features that improve network performance are also part of the Threat Management Gateway. Forefront® TMG compresses web traffic and implements a web cache to speed up access to popular websites. Another addition specific to Microsoft® networks and software is the use of the Background Intelligent Transfer Service (BITS). The TMG can download and cache software updates for clients and servers on the network, scheduling such large downloads for periods when network usage is low.

On Microsoft® Windows® computers on the LAN, additional client software works with the Threat Management Gateway software in Forefront®. The client software intercepts outgoing requests and sends them to the TMG, which applies the established rules and then forwards the request out of the network. If the request is for a location within the LAN, it is ignored by the TMG and sent along its path.



