Remember the HTTP Security Filter (exposed as “Configure HTTP Policy” in the right click menu of an HTTP related rule)? It’s still around with the TMG firewall for Access Rules and Web Publishing Rules that control HTTP communications.
While the HTTP Security Filter isn’t such a big deal anymore for outbound communications with the advent of the TMG antimalware, web filtering, and NIS (Network Inspection System) features, it is still useful for Web Publishing Rules, since the anti-malware feature isn’t available for incoming connections, and it’s not clear how much of the NIS is applied to incoming connections through Web Publishing Rules.
Because of this, you might want to configure the HTTP Security Filter to control the types of connections allowed to your CAS server – especially those connection to the RPC/HTTPS and ActiveSync services.
For information on how to configure these filters for these services, check out the TMG Firewall Team Blog over at:
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)