The Forefront TMG uses something called GAPA to drive its Network Intrusion Prevention System (Network IPS). In order to get the most out of this feature, you have to make sure that you have the latest updates, including the latest updates to the GAPA engine itself.
However, most of the updates are signature updates, which the TMG firewall will download on a regular basis. Something you need to know is that with the upcoming TMG RC, the nature of the engine is going to change, so you need to be aware that NIS signature updates used in earlier releases of TMG beta versions will no longer be supported with the TMG RC and forward.
For more details, check out the TMG firewall Team blog at:
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer