secure network address translation (SecureNAT)

The Forefront TMG extension of the Windows network address translation (NAT) feature. SecureNAT provides a degree of address transparency for networked clients. NAT substitutes a global IP address, valid on the Internet, for an internal IP address. Forefront TMG enhances the underlying Windows NAT functionality by enabling access control for FTP, Windows NetMeeting for H.323, and T-120 protocols. It also enables rerouting HTTP requests, which can then frequently be satisfied by a local cache. This enhancement greatly improves HTTP performance and lowers bandwidth requirements.

Secure Socket Tunneling Protocol (SSTP)

A VPN protocol that uses an HTTP-over-SSL session between VPN clients and servers over port 443 to enable PPP negotiation between the client and server with authentication and the subsequent exchange of encapsulated IP packets.

Secure Sockets Layer (SSL)

A protocol that supplies secure data communication through data encryption and decryption. SSL enables communications privacy over networks.

secure Web publishing

The process by which a server behind a Forefront TMG computer can publish to the World Wide Web (WWW) without compromising security. See also reverse hosting and publishing.


SecureNAT

See secure network address translation (SecureNAT).

security identifier (SID)

A unique string value of variable length that identifies a user, group, or computer account. Every Windows account on a network is issued a unique SID when the account is first created. Generic users and generic groups are identified by well-known SIDs.

server certificate

A digital certificate (SSL certificate) installed on a server and used by the server to authenticate itself to a client.

session filter object

In application filters, a COM object that implements an IFWXSessionFilter interface. A session filter object is created by an application filter for a specific session (client computer) when the Microsoft Firewall service raises a network event for which the application filter is registered.

Session Description Protocol (SDP)

An Internet Engineering Task Force (IETF) proposed standard protocol that defines a format for describing streaming media session parameters (session descriptors) in an ASCII string and is used for session announcement, session invitation, and other forms of multimedia session initiation.

Session Initiation Protocol (SIP)

An Internet Engineering Task Force (IETF) standard protocol for initiating interactive multimedia user sessions and Internet telephony calls. SIP supports name mapping and redirection.

sender reputation level (SRL)

A number between 0 and 9 that indicates the probability that a specific sender is a spammer or a malicious sender. A value of 0 indicates that a message sent by the sender is probably not spam. Values of 1 through 9 indicate increasing probabilities that a message sent by the sender is spam.


SID

See security identifier (SID).

Simple Mail Transfer Protocol (SMTP)

An Internet standard protocol used for exchanging email messages between SMTP servers on the Internet.


SMTP

See Simple Mail Transfer Protocol (SMTP).


snap-in

Software that makes up the smallest unit of console extension. One snap-in represents one unit of management behavior (for example, the event log viewer is a functional unit of management and thus a good candidate to become a snap-in). Snap-ins are COM in-process servers that are implemented as dynamic-link libraries (DLLs).


socket

An endpoint of a logical communications channel used by TCP/IP applications. Sockets are defined in data structures by using a combination of device IP addresses and reserved TCP/UDP port numbers to indicate connection and delivery service information. See also Windows Sockets (Winsock).


SOCKS

A protocol for traversing firewalls in a secure and controlled manner, made available to the public by the Internet Engineering Task Force (IETF).

source NAT

See full proxy mode.

spam confidence level (SCL)

A normalized value that is calculated using a spam filtering algorithm from characteristics of an email message, such as its content and headers, and indicates the likelihood that the message is spam. A value of 0 indicates that the message is probably not spam. Values of 1 through 9 indicate increasing probabilities that the message is spam.


spoofing

The practice of making a transmission appear to come from an authorized user. For example, in DNS spoofing, the DNS name of another system is assumed either by corrupting a name-service cache or by compromising a domain-name server for a valid domain.


SQL

See Structured Query Language (SQL).

SQL server

A server that uses the Structured Query Language (SQL) to query, update, and manage a relational database.


SSL

See Secure Sockets Layer (SSL).

SSL certificate

See digital certificate.

Structured Query Language (SQL)

A database query and programming language widely used for accessing data in, querying, updating, and managing relational database systems. See also SQL server.

subnet mask

A TCP/IP configuration parameter that extracts network and host configuration data from an IP address. This 32-bit value enables the recipient of IP packets to distinguish the network ID portion (domain name) of the IP address from the host ID (host name).



Build date: 7/12/2010
