Introducing the Future of the ISA Firewall — The Forefront Threat Management Gateway (Forefront TMG)

If you haven’t already heard about this from reading the industry news that took place last week at the RSA conference, this will come as a surprise to you. It was announced at RSA that the ISA Firewall’s life will end with ISA Server 2006. As an ISA 2006 firewall admin, you are now administering the last version of the ISA Firewall. In the future, the ISA Firewall will be renamed the Forefront Threat Management Gateway, or TMG.

I’ve been with you from the beginning of the life of the ISA Firewall. We here at supported ISA 2000 from the start, got you up to speed when ISA 2004 introduced wide sweeping changes to the ISA Firewall’s networking architecture, and then moved you up to the latest rev of the ISA Firewall, ISA Server 2006.

It’s a bit sad for me to share this news with you. I’ve lived and breathed ISA for the last 8 years. I’ve worked hard to help you understand the ISA Firewall and how to configure it in the most secure fashion, so that you could show the network guys that the ISA Firewall is the most secure firewall on the market today.

With the changes coming with the upcoming Forefront TMG, we might need to start rethinking how we deploy the TMG. For example, should we think of the TMG as a firewall? Is it something else? Should it be on the edge? Should be use it as an internal firewall/gateway to protect network security zones from other network security zones?

These are hard questions to answer, because the full feature set of the TMG isn’t in the public domain. I can tell you that I had the opportunity to learn quite a bit about what’s coming in the future for the TMG and the upcoming upgrade of the IAG 2007 product while visiting the MS Research and Development facilities for both the ISA/TMG and IAG products, and I can tell you that you will definitely see original methods of significantly increasing the security of your network by upgrading. While I wish I could share with you all the details, I cannot because all this information is under a non-disclosure agreement. However, as soon as I get the OK to share, you will be the first ones to know!

The TMG is also part of a larger effort, which is code named “Stirling”. I also had a chance to learn a LOT about the Stirling security solution, and it’s truly amazing. You might have heard about the concept of the “Dynamic Systems Initiative” in the past, but we really never saw anything that looked very dynamic until Stirling. From what I’ve seen of Stirling, I think you’ll find that it will significantly reduce administrator overhead for dealing with network security events and will also provide you with a much clearly view of your current network security status.

If you want to check out Stirling, you can download it at:

To learn more about TMG and the future of the ISA Firewall, check out the ISA Server Team Blog for what David Cross has to say about it at:



Thomas W Shinder, M.D.

Email: [email protected]
MVP — Microsoft Firewalls (ISA)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top