About Forefront TMG Clients

Forefront TMG supports three types of clients:

  • Forefront TMG Client computers are client computers that have Forefront TMG Client installed and enabled. Firewall clients are functionally similar client computers that have Firewall Client from ISA Server 2006 or ISA Server 2004 installed and enabled.
  • Secure network address translation (SecureNAT) clients are client computers that do not have Forefront TMG Client or Firewall Client installed and enabled and whose default gateway is set to a directly or indirectly (through a router or chain of routers) reachable IP address of a Forefront TMG server.
  • Web proxy clients are client applications or computers that send requests to the TCP port on which Forefront TMG listens for outgoing Web requests from the network in which the client computer resides. By default, Forefront TMG listens for outgoing Web requests from clients in the Internal network on port 8080. Web Proxy clients are typically CERN-compliant applications (Web browser applications) that are configured to send Web requests to a Forefront TMG server.

The following table compares the Forefront TMG clients.

FeatureSecureNAT clientForefront TMG Client computerWeb proxy client
Installation requiredSome network configuration changes are requiredYesNo, but requires configuration of the Web browser
Operating system supportAny operating system that supports Transmission Control Protocol/Internet Protocol (TCP/IP)Only Windows platformsAll platforms, but by way of the Web application
Protocol supportRequires application filters for multiple-connection protocolsAll Winsock applicationsHypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and File Transfer Protocol (FTP) (download requests)
User-level authenticationOnly the IP address of the user is sent to the Forefront TMG server.Forefront TMG Client sends the user's credentials to the Forefront TMG server with each request.User credenticals can be supplied in response to requests from Forefront TMG.
Server applicationsNo configuration or installation requiredRequires configuration fileN/A


Web proxy clients can run on Forefront TMG Client computers and on SecureNAT client computers. If the Web application on the computer is configured explicitly to use a Forefront TMG server, then all Web requests (HTTP, HTTPS, and FTP) are sent to the Forefront TMG Web proxy.

This section contains the following topics:



Build date: 7/12/2010

Community Additions