Ah yes – I remember the good old days of ISA 2004 firewalls when we had the SMTP Message Screener. Do you remember the SMTP Message Screener? Is was a component of the ISA 2004 firewall that allowed you to do some basic controls over email coming into your organization. You could control by keywords, from and to addresses, and a couple of other things. It was very sophisticated, but it was better than nothing back in the day where there weren’t a lot of choices, and from the choices you had, you had to pay quite for a good anti-spam, anti-malware solution.
Fast forward to 2010. Now we have the TMG firewall and things are much improved when it come to email protection. While you might not have heard a lot about it, the TMG firewall can be your inbound and outbound email hygiene solution. How? Couple of reasons:
- You can install the Exchange Edge server role on the firewall. Yes, even though the TMG firewall is typically a member of the domain so that you can benefit from higher security that domain membership allows, the Exchange Edge role will work just fine on a domain member. The Edge server role provides connection filtering and protocol control.
- You can install Forefront Protection for Exchange 2010 on the TMG firewall. FPE is your premium anti-spam, anti-malware solution that evaluates the mail that passes through the Exchange edge server role. Only after passing through Exchange edge and FPE does the mail make it’s way to your mailbox server.
This is a great boon to TMG firewall administrators and confirms that TMG should be a key component of any email compliance solution.
For more details, check out the TMG Firewall Team blog post on this subject over at:
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer