Every firewall and network security device has its own areas of expertise. It's no different for the Forefront TMG firewall. When thinking about why you might want to bring a Forefront TMG firewall onto your network, you should consider the TMG firewall "BIG 6". The "BIG 6" are the six core scenarios for which the TMG firewall is designed.
The Forefront TMG firewall "BIG 6"
- Control network policy access at the edge (Firewall)
- Protect users from web browsing threats (Web Client Protection)
- Protect users from E-mail threats (Email Protection)
- Protect desktops and servers from intrusion attempts (NIS)
- Enable users to remotely access corporate resources (VPN, Secure Web Publishing)
- Simplified management (Deployment)
As you can see, the Forefront TMG firewall, while designed to be an edge firewall and network security device, can perform a variety of roles. You should consider each of these roles when thinking about bringing a TMG firewall onto your network.
For example, you might think the TMG firewall would be a good device to support outbound Web proxy. However, when you review the TMG firewall "BIG 6", you see that it can also protect you from email threats. Maybe you're paying for an outsourced email hygiene solution and aren't too impressed with it.
In that case, you could test the TMG firewall's email protection solution and see if it works better for you, and more importantly these days, assess whether it is more cost-effective than your outsourced solution. While "the cloud" has a lot to offer, sometimes trading capital expenditures for operating expenditures isn't a good thing. You'll have to do the math for your own company to see.
Check out David Cross' blog entry for more information about some other new and improved features included in the Forefront TMG firewall that I'm sure you'll be interested in: https://blogs.technet.com/isablog/archive/2009/02/06/forefront-tmg-beta-2-is-released.aspx
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer