No, you don’t want to do it. Tom used to talk about this at length, but sometimes you have to do it.
If you’re stuck with a non-domain TMG firewall, then check out Richard Hick’s article at:
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)