The first time you launch Forefront TMG, you’ll notice the familiar Microsoft Management Console (MMC), with its navigation tree on the left, the results pane in the mid-section, and the tasks pane on the right. If you’re familiar with ISA Server, you’ll also notice changes between this product and its predecessors – the tree has been updated, new icons have been introduced, the starting pages include new links, and a new Getting Started wizard launches in the MMC.



The Getting Started wizard launches automatically the first time you open the Forefront TMG management console. The wizard guides you through the steps for configuring network settings, general system settings, and deployment options. The settings can be modified later using property pages, or you can rerun the wizard at any time. Network templates, previously selected in the Networks tab, are now selected in the Getting Started wizard.

At the end of the Getting Started wizard, you can choose to launch the new Web Access Policy wizard to create default Web access policy rules and configure Web protection for clients in your organization. You can also run the Web Access wizard by navigating to the new Web Access Policy node.


In previous versions, the navigation tree was multi-level, with nested nodes. In this version, a single hierarchical tree view is used, allowing easier navigation according to workflow.

· The Monitoring node was rearranged into three separate tree nodes. The Dashboard provides a high-level overview of the system status with links to each related section. Monitoring shows the current state of the system. Logs & Reports provides detailed information about recent activity on the Forefront TMG computer.

· The General node was removed. Options from the General tab are distributed to their appropriate locations within the MMC. For example, flood mitigation, intrusion detection, and IP options filtering are in the new Intrusion Prevention System node. Settings relevant to client Web access, such as HTTP compression and DiffServ preferences are located in Web Access Policy. Client properties, authentication server configuration, and global link translation are related tasks in the Firewall Policy.

· The Networks node is now called Networking, and includes the original Networks tabs (Networks, Network Sets, Network Rules, and Web Chaining) as well as additional tabs to improve the network configuration experience (Network Adapters, Routing, and ISP Redundancy). Network templates previously located in the Networks pane are now selected within the flow of the Getting Started wizard.

· Caching node was removed. Web caching rules and cache settings are now configured in Web Access Policy. Caching can be enabled and configured using the cache properties, or through the new Web Access Policy wizard.

· The Servers node was renamed System. The Servers tab in this node has been updated with additional options for configuring general system settings, such as domain membership and server certificates.

· The Add-ins node has been removed. Applications Filters and Web Filters tabs are now located in the new System node.

· New tree nodes provide access to new and modified features. For details about the updated navigation tree. The navigation tree will be described in a future blog “Forefront TMG User Experience: The Navigation Tree


· Toolbars and context menus have been updated with additional links to core features and related tasks. These additional shortcuts enable you to work more efficiently with or without the tasks pane open.

· Results panes show the configuration status of main features and provide quick links to the related settings.

· Search capability in the Firewall Policy and Web Access Policy nodes lets you search for specific rules based on search strings and parameters.

· Grouping for firewall policy rules and access rules is now available. Using multi-select and the right-click context menu, you can create groups for your publishing and access rules. When you run the Web Access wizard, a Web Access Policy group is created automatically. You can use the ungroup and regroup options to add access rules to this group.

· Expand and collapse options let you control the amount of information displayed in the results pane.

Linda Lior, User Experience Researcher


Reviewers: Meir Feinberg and Alon Yardeni