Yes, it’s the configuration you want to avoid at all costs because of the security issues, but you can configure the TMG firewall to not be a member of a domain. Sure, Tom would go nuts if you did it, but that doesn’t prevent you from doing so.
Richard Hicks shows you how at:
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)