You can use the Firewall Kernel Mode Tool (FWEngMon.exe) to analyze and troubleshoot firewall connectivity issues by monitoring the Forefront TMG kernel-mode driver (fweng.sys). For example, you can use fwengmon to monitor all the listeners created by Forefront TMG, since not all of them appear in the output produced by netstat.
Starting with Forefront TMG 2010, fwengmon is integrated into Windows 2008 network shell (netsh) on the Forefront TMG server; you no longer need to download it separately.
For information on how to use fwengmon on Forefront TMG, see Yuri Diogenes's blog Where is fwengmon on Forefront TMG 2010?
Author: Gabriel Koren, Forefront TMG Test Team
Reviewer: Jim Harrison, Program Manager, Forefront TMG