Easy TMG Threat Management Gateway replacement

by Greg, July 2nd, 2018


Tags: ForeFrontForeFront replacementPre-authenticationReverse ProxyssoThreat Management GatewaytmgTMG end of lifeTMG EOLTMG replacement

So what is TMG ?

Forefront TMG (Threat Management Gateway) formerly known as Microsoft Security and Acceleration Server (ISA server)  is a Microsoft product that was typically used as a reverse proxy to securely publish internal applications and services to the internet.

It has been heavily used with Exchange, Sharepoint, Lync/ Skype for business and many applications hosted on Microsoft IIS

So what happened to it?

Microsoft decided to End Of Life TMG with End of Support April 14th 2015.

Although this was a long time ago there are many organisations still using it.

What can I do now, What are the alternatives to this?

As always you could build a solution from open source components although due to the complexity and range of features required this should not be attempted by the faint hearted.

Buy something -There are a number of top end ADC/ load balancers that also offer this with some being too complex and costly and others too simplistic and not fit for purpose.

As you might expect from an EdgeNEXUS blog we  aim to have the right balance. We deliver the features you need in a cost effect and easy to use format.

jetNEXUS ALB-X – Load balancer and ADC

The jetNEXUS ALB-X has all the features you require for a TMG replacement as standard. Easy to implement and easy to manage.

  • Add a Authentication server – For example LDAP
  • Create a rule to use it and choose if you want to present a form or basic auth to your users (Customise the form of course ;-))
  • Chose when you want the rule to fire – What URLS etc

Key features

  • Full Reverse Proxy
  • Pre-Authentication and SSO Single Sign On across applications
  • Active Directory Integration
  • Radius Authentication
  • Customisable login forms
  • Customisable Challenge *
  • Full Logging

Customisable challenge

Customisable challenge uses the powerful Flightpath traffic management facility to allow you to be very granular with respect to who (and how) you challenge a user for Authentication.

For example you could only challenge people from certain networks or countries or certain URLs. Even look at the query string and decide what Authentication server to use.

Endless possibilities.

As a bunch of geeks I love the fact that we have it setup so that we don’t have to keep logging in when we are using the dev/test network. (to the test web server)

Check out our Video and see how easy it is to use, or find out more on our website Pre-Authentication

Feel free to test it out for Free on TESTDRIVE or download it for a trial

About Greg

Leave A Reply

Your email address will not be published. Required fields are marked *