About Forefront TMG Clients

Forefront TMG supports three types of clients:

  • Forefront TMG Client computers are client computers that have Forefront TMG Client installed and enabled. Firewall clients are functionally similar client computers that have Firewall Client from ISA Server 2006 or ISA Server 2004 installed and enabled.
  • Secure network address translation (SecureNAT) clients are client computers that do not have Forefront TMG Client or Firewall Client installed and enabled and whose default gateway is set to a directly or indirectly (through a router or chain of routers) reachable IP address of a Forefront TMG server.
  • Web proxy clients are client applications or computers that send requests to the TCP port on which Forefront TMG listens for outgoing Web requests from the network in which the client computer resides. By default, Forefront TMG listens for outgoing Web requests from clients in the Internal network on port 8080. Web Proxy clients are typically CERN-compliant applications (Web browser applications) that are configured to send Web requests to a Forefront TMG server.

The following table compares the Forefront TMG clients.

Feature SecureNAT client Forefront TMG Client computer Web proxy client
Installation required Some network configuration changes are required Yes No, but requires configuration of the Web browser
Operating system support Any operating system that supports Transmission Control Protocol/Internet Protocol (TCP/IP) Only Windows platforms All platforms, but by way of the Web application
Protocol support Requires application filters for multiple-connection protocols All Winsock applications Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and File Transfer Protocol (FTP) (download requests)
User-level authentication Only the IP address of the user is sent to the Forefront TMG server. Forefront TMG Client sends the user's credentials to the Forefront TMG server with each request. User credenticals can be supplied in response to requests from Forefront TMG.
Server applications No configuration or installation required Requires configuration file N/A


Web proxy clients can run on Forefront TMG Client computers and on SecureNAT client computers. If the Web application on the computer is configured explicitly to use a Forefront TMG server, then all Web requests (HTTP, HTTPS, and FTP) are sent to the Forefront TMG Web proxy.

This section contains the following topics:



Build date: 7/12/2010