A threat management gateway (TMG) is the unified threat management (UTM) software system created by Microsoft® Corporation® as part of its Forefront® security software suite. This component is often referred to as Forefront® TMG. The TMG software is what's known as an edge server, in that it sits at the border of a computer network, auditing network traffic that is entering or leaving. It provides an array of security services including firewall, email filtering, virus monitoring, and more.
The first of this type of offering from Microsoft® was a proxy server back in the late 1990s. This initial offering was a basic Internet access server for a local area network (LAN), but later versions included a packet-filtering firewall. As the product continued to develop, it was renamed in 2001 to Microsoft® Internet Security and Acceleration Server (ISA) and given the ability to link together with others of its kind to provide accelerated services. Further developments led to the product being renamed the Forefront® Threat Management Gateway in 2008.
As a gateway device, the Forefront® TMG holds to its origins as a general Internet access server for a Microsoft® Windows® LAN. This gives the core TMG software the ability to perform routing and network address translation (NAT), which aids with directing traffic inside the network. Working as a bridge to other secure networks, the Forefront® software can also be used to establish a virtual private network (VPN) for connecting with other, remote gateways.
With regards to security, the threat management gateway picks up several roles. A stateful packet-filtering firewall establishes rules for packet inspection and connection monitoring. In addition to stateful filtering, the Forefront® TMG adds an application inspection method that watches over specific software and services running on servers and clients within the LAN it is protecting. Further included among the bevy of activities for the TMG is auditing email for spam and a malicious software inspection feature to prohibit the spread of viruses or other software that could compromise the security and stability of the network.
Additional functionality that enhances network performance is also a part of the threat management gateway. Forefront® TMG starts by compressing web traffic and then implementing a web cache to speed up access to commonly requested web sites. Another addition, specific to Microsoft® networks and software, is the use of the background intelligent transfer service (BITS). The TMG can download and cache software updates for clients and servers on the network, scheduling such large downloads for periods when the network is idle.
For Microsoft® Windows® computers on the LAN, additional client software works with the threat management gateway software in Forefront®. The client software is capable of intercepting outbound requests and sending them along to the TMG, which applies any rules established and then forwards the request out of the network. In case the request is for a location within the LAN, it is ignored by the TMG and sent along its way.