Forefront TMG Service Pack 1 Now Available

We are happy to announce the availability of Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1). The service pack is available for download from the Microsoft Download Center.

Our focus with Forefront TMG SP1 was to address common customer requests on the new features presented in TMG 2010. Here are some of the new features we are introducing to address these:

User override for URL Filtering

We have added the ability to configure web access rules to allow users to override block decisions (if blocked due to URL filtering):

When a user is blocked by a rule allowing override, there will be an “Override access restriction” button in the error page:

This will allow evaluation of the rules to continue and if allowed, the user will be able to continue to the site, despite the deny rule.

Access to denied sites will appear in the logs with the “Overridden rule” field indicating which rule the user has chosen to manually override:

Reporting enhancements

Improved look and feel

We have changed the whole look and feel of our reports to match that of other Forefront products:

New features included in the reports

We have enhanced our reports to include the new user override and BranchCache integration features.

User activity report

We have added the ability to generate a report for a specific user (or users, separated by semi-colons):

This will generate a report showing the categories and sites the user has been surfing to:

Enterprise level override lists

In the original release version of Forefront TMG, overriding URL categorization was done on the array level only. We have added the ability to generate an override list at the enterprise level, which will affect all joined arrays.

Block category available in error page redirect

When redirecting an error page to a web server, the following tokens will be replaced by the appropriate values:

[DESTINATIONURL] – Displays the denied URL.

[URLCATEGORYNAME] – Displays the denied URL Category name (localized to TMG language);

[URLCATEGORYID] – Displays a number representing the denied URL Category Id.

[OVERRIDEGUID] – Displays the array GUID, necessary if you want to create a user override button similar to the one in the default notification page.

These tokens may be used in the redirection URL (in a Forefront TMG access rule). For example:[DESTINATIONURL]&Category=[URLCATEGORYNAME]&CategoryId=[URLCATEGORYID]

BranchCache integration

With SP1, if installed on Windows Server 2008 R2 Enterprise, you can configure BranchCache in hosted cache mode through the Forefront TMG Management console:

You can also see the benefits of BranchCache WAN savings in dedicated dashboard counters and in Forefront TMG reports:

Support for installing Forefront TMG SP1 on a read-only domain controller

Forefront TMG can now be installed on a read-only domain controller in order to realize WAN optimization benefits related to local authentication in branch office scenarios.

Support for SharePoint 2010

The service pack adds support for publishing SharePoint 2010.

Getting more information

More information is available in the following links:

· What's new in Forefront TMG 2010 SP1

· Installing Forefront TMG SP1

· Release Notes for Forefront TMG 2010 SP1


Written by Gabriel Koren