Important Changes to Forefront Product Roadmaps

Today, as a result of our effort to better align security and protection solutions with the workloads and applications they protect, Microsoft is announcing changes to the roadmaps of some of the security solutions made available under the Forefront brand.

  1. As part of this effort, the next release of Forefront Online Protection for Exchange, which has long been part of the Office 365 solution, will be named Exchange Online Protection. 
  2. In response to customer demand, we are adding basic antimalware protection to Exchange Server 2013.  This protection can be easily turned off, replaced, or paired with other services (like Exchange Online Protection) to provide a layered defense. 
  3. We are discontinuing any further releases of the following Forefront-branded solutions:
    • Forefront Protection 2010 for Exchange Server (FPE)
    • Forefront Protection 2010 for SharePoint (FPSP)
    • Forefront Security for Office Communications Server (FSOCS)
    • Forefront Threat Management Gateway 2010 (TMG)
    • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

For collaboration protection, SharePoint and Lync Servers will continue to offer the built-in security capabilities that many customers use to protect shared documents.  For remote access, DirectAccess and Routing and Remote Access Server (RRAS) VPN in Windows Server 2012 provide secure remote access for Windows and cross-platform clients, as well as cross-premise access through site to site VPN. Forefront Unified Access Gateway (UAG) 2010 also continues to provide secure application publishing and cross-platform SSL VPN remote access for a range of mobile devices.
We will continue to provide maintenance and support for the following Forefront solutions through the standard Microsoft support lifecycle (see chart below), but the discontinued Forefront offerings will no longer be available for purchase as of Dec. 1, 2012. 

It is important to note that there are no significant changes to the Forefront Identity Manager or Forefront Unified Access Gateway roadmaps.  These solutions continue to be actively developed.  Forefront UAG 2010 SP2 was released in August 2012 and Forefront Identity Manager 2010 R2 was release in June 2012.

If you have any questions about these changes, please contact your Microsoft or partner sales representative.

The Forefront Product Teams

Comments (135)

  1. Anonymous says:

    We wanted to clarify some details around the discontinuation of Forefront TMG to help address many of the questions we’ve seen posted in the comments section.

    First, it is important to note that while Forefront TMG is being discontinued, it will continue to be supported in mainstream support through April 14, 2015 and in extended support through April 14, 2020.  When and how a customer transitions to a replacement solution will depend on how the customer is using TMG today.  Customer use scenarios vary, but these general guidelines should help:

    •  For customers using TMG for caching, secure web gateway (forward proxy), and firewall, we recommend that, prior to April 14, 2020, customers examine the many vendor solutions available in market today that offer comparable features to the TMG product.   Microsoft does not plan to transition this functionality to any other Microsoft products.

    • For customers using TMG for reverse proxy, transitioning to Forefront UAG is an option.  Most web publishing scenarios that are supported by TMG can be published by UAG, though specific functionality may not be identical.   For customers who do not want to transition to Forefront UAG, customers should plan on transitioning to an alternative vendor solution prior to April 14, 2020.

    •  For customers using Forefront TMG Web Protection Services, we recommend that customers examine the many vendor solutions available in market today that offer comparable reputation services by Dec. 31, 2015.  This product will no longer receive updates starting January 1, 2016.

    We hope that these general guidelines provide additional clarity.  Please continue to contact your Microsoft account teams or partner managers with any questions about your specific scenarios.    


    The Forefront TMG Team

  2. Anonymous says:

    So well over two months now,  and everyone I spoke with is still shaking their head on this.. from colleagues to MS partners and resellers to MS employees. Its not that beloved product A is discontuned that frustrates per sei (that happends all the time), its that it is one of strategic products (cant make this last two words bold and underline and italic btw.) with no foresight provided by MS for replacement within MS services scope (suggesting customers migrates from your product base to 3rd party services is your recommendation.. really ?). Then it is the absolute lack of clarity within internal and partner base as to 'where do we go from here' when initially followed throught the announcement. This makes it pretty darn hard to plan forward. So no-one seems to be prepared to actually support the transition post announcements as it seems to have caught all by surprise. Lot left to desire in terms of business change management communications practice. Having all the above said, I agree that there was too much complexity and brand misconception in terms of what TNG/ForeFront is and does/did. Dont think it was worth caning the product because of it though. Seems more like somone was finding it too hard to deal with and didnt really engage with the community attempting to fix the issue. Hope 2013 gets better…

  3. Anonymous says:

    Sad news, are there any information about UAG roadmap published somewhere?

  4. Anonymous says:

    We can always use linux if TMG is retired. This way Microsoft will loose twice because there is no need for windows server license. Good move Microsoft.

  5. Anonymous says:

    I need to upgrade our ISA 2006 back-end. What do I do now for inbound publishing reverse proxy and outbound proxy server? I need a solution that can be virtualised, there are any competing products that can do the job?

  6. Anonymous says:

    Shame, I finally got the hang of TMG rules, spent at least 100 hours on configuring various TMG servers, 1 week course on ISA 2006 and exams. It has been a much used product and essential part of the network. At least Microsoft could recommend a replacement.

  7. Anonymous says:

    I was planning to use Forefront TMG as a key component of an upcoming project. The bad news was I get informed that Forefront being discontinued. so are there any suggestions or recommendations for a product which can do web filtering, RRAS and network-level antivirus on a Windows server system? The TMG is gone there is a big hole in our plans!

    Any Solution ??

  8. Anonymous says:

    I'm struggling to understand the logic behind killing a product like TMG that has finally come of age.  Also, for my enterprise, I can't (and won't) run Exchange protection online scanning. Are they trying to lose customers?

    If ever I needed confirmation that Microsoft had lost their way, this is it.

  9. Anonymous says:

    I have been doing some more extensive testing of the Office 365 environment and there is no way the MS  online services are ready for the enterprise at this stage. Here are some examples:

    Comments like this in a thread about alerts being LOST:

    "The problem was caused by an SMTP server that exceeded its capacity. The first 5000 mails received while in this condition were queued for delivery and mails beyond that were dropped.

    Microsoft have now increased SMTP server capacity and redundancy. And they have implemented monitoring to cover each SMTP server instance and their mail queue counters."…/296349.aspx

    I opened a case about my lost alerts from a SharePoint site due to the above mentioned basic Exchange configuration problem:

    SRX1185473122ID – Service interruption not recognised/DI/3/CH. The SLA for SharePoint online does not include e-mail functionality. A SharePoint service interruption is "Any period of time when users are unable to read or write any portion of a SharePoint
    site collection for which they have appropriate permissions".

    OK, the SharePoint site was up but the mail alerts it was sending were getting lost (and were never recovered)

    It whole product discontinuation is completely unreal that we are going back 10 years to where Microsoft purchased Antigen (a third party Exchange AV and anti-spam solution which is re-branded as Forefront). Antigen – Forefront was a great product, and MS
    have now killed it. TMG was an excellent evolution of the MS-Proxy server – ISA range. and of great use to SMBs who can only afford one box.

    And of course there is a lot of data that is not allowed in the cloud for legal reasons. Most companies will have to retain on-premise solutions for a long time!

  10. Anonymous says:

    I don't follow the reasons why this in happening: we had the explanation 3 weeks ago from Microsoft that these products are not effective, because the end-point security (thus on the client) software is "always" faster in dealing with virusses, malware and so on in SharePoint, Exchange, Lync and so on…

    However, did Microsoft consider the fact that these systems are also "storage places of data" and "archives", and we have to be able to do full "system" scans of this, by example after a virus outbreak? Did Microsoft also consider that it's not always fully protected end points using the Exchange, SharePoint and Lync and that explicitly WANT to protect these users (read: our infrastructure) as well?

    The reality out there isn't always perfect with only full blown windows clients with full blown antivirus accessing our server infrastructure (and applications running on it). Also having antivirus vendor A on the server/application versus vendor B on the clients (multilayer) does give a very nice additional protection. Too bad Forefront Protection isn't part of it anymore, and we have to knock on other doors for this…

    I've got colleagues here who really liked the "Forefront Protection 2010 for SharePoint".


  11. Anonymous says:

    Forefront Protection 2010 for Exchange Server (FPE) will be discontinued; understood. but if any customer already purchased it; the question is:

    1. Should the customer get signature updates? say till 31st december of 2015? it's a bit confusing though.

    2. Does the customer need to upgrade the SA? or they continue to use it without paying till 31st Dec 2015?

    Though it's a real life scenario for a customer in our country.

    Would appreciate much if anyone can shed some light in it.


  12. Anonymous says:

    BTW can someone explain to me how UAG is going to continue without the core TMG?

  13. Anonymous says:

    Please don't do this to us. We're not going to rely on the cloud and datacenters located around the world.

    MS might be better at privacy than Google on privacy but given the track record of Office365, and the false reporting of downtime (I've had recent Office365 downtime which has never been recognised as such despite the tickets telling me that such and such an Exchange serve was down for several hours).

    I'd rather know it's my own problem than have to put up with Microsoft faking performance. Look at the recent problems with FPE updates – scary!

  14. Anonymous says:

    I am shocked to say the least. I learned about TMG (at the time it was called ISA Server) when I was an MCSE student. It was a product for which I was proud of Microsoft.

  15. Anonymous says:

    What do you plan to replace caching, secure web gateway and firewall features from TMG?

  16. Anonymous says:


    Many thanks to all of you who has done very great work for writing the ISA/TMG code. It is very sad to hear that your company does not see your effort. But in these days, if some products does not have enough invoice that product will be kick out. And I believe, with TMG, there has been not enough deployments, even those who has used it are more than happy for the product.

    But I have to say, this looks very strange. You basically say: "We do not care of TMG customers anymore, and it is much better for us and you to go some other vendor than Microsoft."

    Shall we start looking for some other vendors for other products as well, like replace Office with LibreOffice?

    Bad decision Microsoft.

    ps. Great idea from Adam, could you TMG team build TMG2012 and took our money when Microsoft don't need them.

  17. Anonymous says:

    It's a shame. While there are features I'm missing in TMG I use it as a site-to-site VPN Box,  publishing of web sites, and as a gateway for small LANs.

    I have UAG installed as well, and while I don't have a problem seeing there's way more features there with regards to publishing sites it's more complex to configure and troubleshoot. It also means I have to setup more servers to do the same thing since I have to rely on both UAG and "plain" Windows Server to provide the same functionality.

  18. Anonymous says:

    In which product will the functionality forward proxy be included in the future ?

  19. Anonymous says:

    Very sorry to see this thread has closed !

    We will sorely miss these products in SMBs – TMG is an excellent and cost effective combination of firewall, threat management and reverse proxy. Now we will have to have two or mode solutions with their disparate management interfaces.

    For those who do not want their data in the cloud, Forefront for Exchange and SharePoint were much better integrated that the competing third party products. Please think again!

  20. TMG Fan says:

    i can't believe that 🙁

  21. Vasu says:

    R.I.P TMG…!!!

  22. Rob Helm says:

    How long will updated signatures continue to be available for existing customers of the antimalware products? Similarly, how long will Web Protection Services be available for current customers?

  23. Mike says:

    Really? Do you think that everyone is going to the cloud? Seriously, this is a total mess.

  24. Ryan says:

    Ok, so what will replace TMG?

  25. Boudewijn Plomp says:

    Microsoft, thank you for this announcement. I can only add one thing. It is very and again very disappointing to hear that you will be discontinuing Forefront Threat Management Gateway (TMG) 2010. It breaks my heart.

  26. DallasTMG says:

    Are there plans for TMG2013 or other, future, TMG products or is TMG being discontinued altogether?

  27. Philip Colmer says:

    Disappointed to read about the demise of TMG. UAG has its place but TMG serves a purpose that UAG doesn't entirely replace. For example, TMG allows me to build a very simple but secure client VPN solution without the portal overhead of UAG.

    It is also particularly worrying that there isn't better news about support for IPv6 in a Microsoft firewall product, either.

  28. Mr Clean says:

    bad news about TMG, how are we expected to publish applications, load balance web sites, sharepoint etc?

  29. Kyriacos Aristodemou says:

    So what is going to replace tmg, although uag includes tmg not all functionalityn of tmg is supported, is that going to change?

  30. ISA Fan says:

    Pity MSFT. ISA & TMG were very strong product sets and truly best in class. This is a huge loss and a poor direction.

  31. Alex says:

    So, there is no replacement to the TMG web filtering features?

  32. Stunned says:

    Really? You are killing off forefront TMG? Is there a replacement product?

  33. Kieran Jacobsen says:

    What about proxy? what about outbound web traffic rules?

    When will UAG become stable for production use?

  34. DaveMcDave says:

    What does this mean for customers using TMG to publish OWA/Outlook Anywhere/Activesync using a reverse proxy? What's the Microsoft recommended solution for publishing those resources now?

  35. A User says:

    What product would Microsoft "recommend" to replace TMG for both reverse proxy and for proxying internal users to the internet?  If we go with a third party product, why shouldn't we replace more of the Microsoft infrastructure as well?

  36. TDR says:

    So what is the road map for web proxy services? Are these being rolled into UAG?

  37. jones says:

    So from Exchange 2013 and forward there will be no local FPE for antimalware except the builtin? If you need more protection you HAVE to use the cloud Exchange Online Protection?

    Will this built-in E2013 antimalware inclyde any Antivirus scan capabilities? Or only antispam?

  38. pirate says:

    WOW Microsoft we didn't expect that from you.

    what about security is there no Interest to invest in that ??

    this is one of the most important things today.

    Very bizarre mmmmm………….

  39. Justin Other says:

    What about TMG's firewalling and proxying?

  40. Nirm says:

    Is Microsoft merging all their local stuff to be aligned with Cloud Computing or It is just a usual discontinution?

  41. Thiago says:

    Will we have a new front end firewall from Microsoft?

  42. Pier says:

    Well … now what else in order to publish Exchange CAS and/or Lync ?

  43. Craig - TAM says:

    This post is driving questions from customers who were looking TO Deploy Forefront in the near future… Any additional details to share? If you were the customer, and you wanted to deploy our latest product (with the longest support lifecycle) what is the recommended course of action? Thx!

  44. JP Breton says:

    Sad news…..especially for TMG….such a great product.

  45. ALA says:

    Thats not good!

  46. rkart says:

    How do we publish exchange and web services if TMG 2010 discontinued?

  47. DE says:

    And how can I publish secure MS Exchange 2010/2013 (EAS, OWA, …)?!? Microsoft Edge Server with no Forefront Protection for Exchange?!?

  48. Teffano says:


  49. Are you kidding?!?!? says:

    Microsoft bought Sybari Antigen, arguably the best antivirus software package for Exchange ever, only years later to completely discontinue it? This seems like just another step to try and *force* customers to a Microsoft managed cloud solution versus allowing them to continue running their operations onsite with the tools and services they have come to rely on.

    Really… "better align security and protection solutions with the workloads and applications they protect" means consolidating them not eliminating them.

    This is just another nail in the coffin for us of running Microsoft enterprise solutions on site, of which there are more and more alternatives to every day. You all should really talk to your customers and what they want before you make ridiculous decisions like this…

  50. wth says:

    Bottom Line, Microsoft wants $X per month per user and doesn't care about Enterprise Computing anymore.

  51. WP says:

    Nothing like having to go out and find a new product to start all over again with after with ISA/TMG for so many years.  I wonder what they're going to use to fill in all those Technet web publishing articles that always use TMG as the example.

  52. TMG User says:

    TMG was the only choice on windows systems. Now they will loose TMG customers and server customers because the only real alternative is linux. there is no real unified threat management on windows anymore. this sucks.

  53. Bernd says:

    I do not understand MS, first they turning an ergonomic, nice looking and comfortable Operating system into a ugly and missclored something, and now they stop one of their best products…… Its time to learn more about linux!

  54. Tim says:

    TMG is such a great product. Can't believe… For me the UAG is not a replacing-product.

    Thats the most bad decision you could've made.

  55. Chris says:

    Very nice, and what is plan B for TMG? 🙁

  56. I am Me says:

    Bad decision Microsoft. TMG IS a mature product which gets it right. I remember going to countless TechEd's, conferences etc. where you guys shouted from the roof tops how secure ISA, TMG is / was.

    I'll miss you TMG. I agree with a comment below, if this is the start of my company re-evaluating products then maybe we need to re-evaluate all of our Microsoft product suite, in case the next product we use gets dropped with no viable replacement.

    The other comment about subscription is spot on too, all MS is interested in is a monthly subscription from their users.

    I know, all things change, but this is a change which is not necessary, and one for the worse.

  57. Alex says:

    A great product, sad to see it go.  Ending a product without communicating their strategy in this space (or even coming up with one it would seem) is very poor from Microsoft, however let's remember if has plenty of life left with support through to 2020 and so is still worth deploying where needed.  

    UAG/TMG as separate entities was a mess anyway IMO, a single product would make more sense, perhaps this is what will happen over the next few years once TMG starts to age.  

  58. Microsoft Security Teamleader says:

    Now we have lost the first customer. All of our customers don't want an UAG to Publish Exchange Services. UAG ist to expensive for midrange customers. Will Microsoft loose all midrange Customers? With TMG we have a good Solution for Publishing, Firewalling, Proxy with NIS functionality, Webprotection, VPN Solution…. I have search for  other Firewalls that can filter rpc over https traffic. I Can't find any Solution.

    We have deployd many Celestix MSA Appliances. Is the great Microsoft OEM Partner Celestix now dead?

    Please think about your strategie again. I hope that Microsoft comes back on the right way.

  59. Thomas Vogel says:

    UAG continued and killing TMG ?? … Then UAG does have no future too i think. Bad Bad … can't belive this …

  60. Jim says:

    So…. what are we supposed to use now to front-end OWA?

  61. Korbyn says:

    Not sure what I will do without Forefront for Exchange, I've been an Antigen/Forefront implementer since 6.0, nothing has touched it in 8+ years, shocking.

    TMG I could accept IF they were actually merging in back into UAG and return to the ISA days of merged code.  Separating out the functions out was a huge mistake, not to mention all the EXTREAMLY confusing branding of all these products…

  62. Rob says:

    Juniper SSL VPNs can be used as a reverse proxy for smart card logon to web applications.

  63. Rob says:

    Microsoft has been trying to get out of the network edge business for a while, I actually thought that it was announced a year ago that TMG was not being further developed after this version.  There are plenty of 3rd party vendors with products that fill this gap very well.  I don't think IPv6 was considered when TMG was written, and it would be way too much work for Microsoft to recode it from scratch to support IPv6.  There are many better products out there for Firewalls, Proxies, Reverse Proxies.  It's good that Microsoft is focusing on servers like Exchange, and SharePoint, and letting network vendors handle the networks.  Honestly, anyone really serious about network security would never let TMG on the network as a primary network security device anyway.

  64. Another TMG Fan says:

    Too bad, So I guess we don't have a simple solution to offer to customers instead of using TMG. I would really love to hear what will be the alternative. I don't think this is a good move. If Microsoft does not believe in a product how can we offer it to customers 🙁

  65. Cristian says:

    I think Microsoft has to hear us. Is not posible that Proxy Server 2.0, ISA 2000, ISA 2004, ISA 2006 and TMG, loose their horizon. Is the beginning of something… It sounds like some day we can hear that Windows ends his life, and our Jobs… In the era of cloud services, it is not important what is going on on premises. Buy suscriptions in the cloud, that was all. Bill come back!!!

  66. Danj says:

    We were planning on using Forefront TMG as a key component of an upcoming project, but now we just found out it's discontinued? Can anyone recommend a replacement product that can do web filtering (including HTTPS), RRAS and network-level antivirus?

  67. Tommy Kuhler says:

    In response to Rob:

    Which products do you recommend to migrate to?

    It seems so easy for you, but as some others said, TMG has unique features. Please elaborate on your answer and suggest Products with names!

  68. Me says:

    Is this because of samba4?

  69. UAG user says:

    OK, TMG is discontinued. But UAG is build on top of it……

    I've the impression that some communication is donw, but another one has not be launched yet…..

    Like to known the roadmap for UAG himself, before jumping to conclusions.


  70. HST says:

    Just as I start thinking about Lync EDGE deployment there seems to be no reverse proxy more. Any other suggestions for a Server 2k12 based system? The original idea was to have TMG on 2k12 running and the EDGE server piggybacked via HyperV onto the same machine.

  71. Microsoft Partner says:

    TMG did the job. Actually it did many jobs quite well. So why kill it ? And how can you kill TMG and keep developing UAG, unless of course UAG is to be discontinued next …

  72. Amazed says:

    MS guys, are you crazy? Do you really want to kill TMG 2010, one of the best proxy/firewall products on the market?

    For many years I used MS products to build integrated infrastructure solutions. I have more MS certificates than an Xmas tree has decorations. Should I consider using Linux proxy servers in my projects? Should I consder using other alternatives to MS products as well?.. I wonder if your management staff begin to use bottom body parts for thinking.

  73. WRONG DECISION says:

    You should have killed the stupid UAG, not TMG. TMG was as great a product as pathetic UAG is.

  74. SQUID says:

    Instead of TMG proxy I will use SQUID proxy on linux – it is free 🙂

  75. Cristian says:

    There is no replacement, it did not work and now is out, that' all. Everyone wants we put our information in the cloud, so there is not sense to care about security in our network. There is not communication from Microsoft, just TMG is ended. Buy another thing if you want.

  76. Concerned says:

    Do when will be get a surprise announcement that FIM is getting dropped too. Not sure whether to trust Microsoft if they are not committed to security products for the long haul.

  77. ديرب says:

    لا حول ولا قوة إلا بالله , يعنى بالذمة ده كلام يا مايكروسوفت , ليه بس كده ؟؟ ما البتاع كان شغال زى الفل وبيعمل كل حاجة طب ما انتو كده هتخسروا زباين وبعدين البتاع كان سهل جدا وبسيط وبصراحة كان حلو أوى , دلوقتى احنا بقى نبابليش الحاجات إزاى , بالكوز ؟؟ ما تقولوليش أستخدم ال يو إيه جى ده , ده معقد خالص وكده كده اليو إيه جى مبنى على التى إم جى !!!!! زمان التى إم جى بيعيط دلوقتى

  78. Another TMG Fan says:

    This is just garbage. Why discontinue TMG?

  79. TMGer says:

    TMG proxy and firewalling capabilities were amazing…

  80. Ess says:

    MS, you say it's being supported to April 2020 – then it has to be supported on Windows server 2012,

    and future server products aswell. When will we see that?

  81. Asking Fairness says:

    Dear Microsoft, will you compensate the 3rd party vendors who developed products (e.g. antivirus) to run on top of ISA/TMG and FPSP / Sharepoint? You just pulled their support and the nook reains around their necks.

  82. sysop says:

    I really can´t understand this decision. Ffs Microsoft! What are we expected to use now? A IphoneXX with external nics?

    I'm so disappointed.  🙁

  83. Scott says:

    Why not open source TMG instead of end of life'ing a popular and useful product? Give it back to the community that has supported it for so long. Who's with me? Open Source! Open Source! Open Source!

  84. Fastvue says:

    For those of you wondering what this announcement means for TMG Reporter, please see our announcement here:…/forefront-tmg-end-of-life-announcement

    Essentially, we're still continuing with our product roadmap and remain committed to providing support and updates to TMG customers for at least the remainder of the mainstream support period.

  85. Paul Vincent says:

    Sad, but understandable.

    ISA/TMG was one of Microsofts best products – but… most large corps won't put Msft products on the perimeter. Why? Prejudice.

    Because Microsoft desktop products need patching so often, we don't want to be patching the perimter all the time.

    Nokia & Cisco have had a far worse record for vulnerabilities than ISA, but still large companies distruct Msft. This means limited sales and Msft have eventually realised this battle will not be won and have therefore withdrawn.

    If you want true application awareness then buy Palo Alto, for reverse proxy F5 is hard to beat and Juniper is ubiquitous in the SSL-VPN market.

    a sad announcement by Msft but understandable.

  86. ArifB says:

    Really terrible and very stupid mistake. I can say Microsoft now acknowledge that they just  loose in security battle. Next, they will loose  in Messaging and collaboration battle and  starting from this stupid mistake.

  87. Ricardo says:


    Microsoft forces me to renew Forefront for 3y (the same length of my volume contract), but now I will not be able to use what I have paid with Exchange 2013 or SharePoint 2013?! Will Microsoft give me my money back?

  88. A shame to see TMG disappear... says:

    I guess it is time to get better acquainted with squid.

  89. Orest says:

    It was great line of firewalls

    I was using it from ISA 2000 till TMG, so abset 🙁

  90. RIDICULOUS says:

    UAG can handle reverse proxy and other publishing.  But protecting our network by preventing users from hitting malicious sites, inspecting SSL traffic, etc, that was all TMG, and the main reason we've deployed it.  

    Can anyone name an alternative product that accomplishes the forward proxy and NIS functions of TMG??

  91. William Delgado says:

    Wow. I was not looking forward to reading this. I have been a very proud user of TMG as far back when it was just called ISA. I often laughed at the poor list of features offered by other vendors and how many MORE options I had with my own firewalls. Now I am forced to look at other firewall solutions like Cisco ASA because of this. What a bummer!

  92. Scott Lowe says:

    Microsoft –

    Personally, I think you've made a huge mistake with the discontinuation of TMG.  Many, many SMEs relay heavily on the functionality that this fine product provided and you're leaving customers in a major bind by eliminating it.  While there may be other options, many people want to remain as fully Microsoft as possible and, as of late, you're making that increasingly difficult.

    I realize that the TMG decision is a done deal, but if anyone with any sanity comes back around to rethink it, this is one that should be reversed.


    Scott Lowe

  93. TMG Guru says:

    Been with tmg since isa 2000.  Always defended it when getting into discussions or arguments with "hardware" firewall admins or management.  Now it looks like I have to eat crow. Going to be really embarrassing when it comes up in the next management meeting. Thanks a lot for killing a great product and one of the coolest Microsoft technologies. 🙁

  94. Adam Sobotka says:

    I am sorry for you, ISA developers. You did a good job there.

    Go and make a startup, fund it through the kickstarter and I will be your number one backer.

  95. Eric (on killing TMG) says:

    Almost three weeks have passed since Microsoft dropped this news on this Blog. This news only is bad enough. But this silence since then is even worse, I do not know what to tell my customers.

    Please name us an alternative to do forwarding proxy with integrated authentication (just to name one feature)

  96. Jasper says:

    Got to be kidding me

    Reverse proxy wise UAG is not as future rich as TMG 🙁

  97. Gdhvg says:

    To bad. So we need to go for non-MS Product suite. >5000 Users. As gouvernance and compliance security is stratregic…..

  98. Cristian says:

    Is all about money? Yes, it is. Good bye TMG and to the people who spend time learning and teaching about it. MONEY!!! that's all.

  99. Laurent TERUIN says:

    OK but FPE will be replaced or …. not by another product?

  100. Urs says:

    Very very sad, I love the TMG for its realibility and simplicity. I hope you will change your mind. We will never change on Cloud, neither my Clients want that. If there is no developing on it, I hope it will still be purchaseable for new Clients. UAG is far to expensive for small businesses. TMG was just ok an with argueable features.

  101. FPEUser says:

    FPE was really an amazing product. Almost no SPAM on my company.

    Now, I have to pay more for a third party app to probably have an increase in SPAM?!

    And, as a bonus, my 3y subscription for Forefront Security Suite will be worthless when I move to SharePoint 2013 and Exchange 2013.

  102. Abdelrhman kamal says:

    how can I show sound and Battery in task bar(down in back ground)

  103. AZSt says:

    I do not understand how you can close the development of such a product.

  104. Andreas says:

    Worst decision after Vista & PowerShell. It seems, Microsoft works well for their own end….

  105. Back to squid says:

    Looks like we're going back to squid!

  106. Back to squid says:

    Looks like we're replacing our multiple TMG servers with Squid running on a toaster again.

  107. Mono says:

    What bad idea, the best firewall in this class must go on. MS do something, all firewall deployments will go to linux! And then other systems will follow!

    MS what are you doing? Go back an heare what we need!!!

  108. Master Yoda says:

    my last comment was not published – to bad.

    I don´t understand your step with TMG, it is frustrating. And let me explain one thing: before I recommend one client to go to the cloud, I change my business and leave Microsoft behind – it is easier than you think. Windows 8 is one piece of the puzzle, stopping TMG the other. You will loose a consultant with 20 years of experience and deep knowledge in Exchange and TMG/UAG.

  109. TMark says:

    I can not believe this announcement! I have been using TMG/ISA since 2000 and have not found anything that comes close to it in regards to the areas that people have already mentioned. I am not moving all of my servers to Microsoft's cloud so I am still very much in need of an on-premise solution for almost all of the features that TMG offered. I don't want to cobble together multiple third party solutions to try and make up all that I had in one product. I will not upgrade to Exchange 2013, SharePoint 2013 or Lync 2013 unless I know that they will work through my TMG 2010 box if there won't be another edition.

  110. Dario Colacicco says:

    has anyone a alternative solution?

  111. Just read the "News".... says:

    ….and honestly I have really difficulties to realize any strategy behind it. May it is because I don't have the big Picture as the decision maker may it is because I like this great Piece of Software Engineering to much.

    Microsoft, please be so gentle and share your startegy with us. I am a Microsoft Partner, supporting "our" customers with great Microsoft Solutions INCLUDING a fantastic FW / Reverse Proxy, calling TMG 2010. Should I now go to them and tell them: "Ok, Mr. / Ms. customer, this is it. We both Count on a dead product. Unfortunatly you pay for it based on my consult !"

    They will blow me out of their Office / plant / Location.

    Please, and I REALLY mean PLEASE re-think this decision or share with us (Microsoft Partner) what is the Story behind and what will replace this fantastic product.

    Thanks in advance.


  112. David Attard says:

    Plenty of life left in this product for those who still have TMG. With GFI and other companies pledging support for TMG plugins, no reason for anybody to panic. GFI WebMonitor is a URL filtering and web security plugin which replacemes the MS Web Protection Service and will still be developed and supported for years to come.

    Find more information here:…/no-forefront-tmg-will-gfi-webmonitor-customers-be-affected-2

    David Attard

    Product Manager – GFI WebMonitor

  113. B. says:

    Another sign for the downfall of Microsoft. Soon we all have a MAC and IPhone and Linux or Unix servers. SharePoint will be Google Docs, Exchange something else.

    My point of view is, since Microsoft started in a Garage there was love and commitment to the Product and the Customer.

    Since it is grown so big and everything is "Corporation" there is no love to a Product, there is only "how can we make the most money with less effort and quality". — Standard Corporate decision. We, the customers, are treated like cows. Give Milk, give milk, … or More Money, more Money …

    In My Opinion EVERYBODY should refuse to buy Microsoft Products or use them, because without us, the customers Corporations like Microsoft would be nothing!!!

    That would be the best way to show Microsoft what we want, and the only way they understand because as long we pay them enough, they do with us what they want.

    Wait for it, eventually they discontinue Windows 8 next year because the App Store did not make enough profit (would be understandable because 90% in the App Store is junk anyways).

    As last, who grows fast, will fall faster, or, Microsoft- the next Titanic.

    Have a nice day, especially Microsoft

  114. Josh says:

    We started migrating off TMG 2010 before this announcement.  It is just not really a firewall.  Basic traffic that should have gotten dropped wasn't, computer sets using IP ranges or subnets never worked, and the stability caused our web farm issues.  

    TMG did firewalling for us and web farm load balancing so we had to replace it with two products.  For the firewall, we migrated to a Palo Alto Networks PA-500.  Simply amazing.  Is able to detect application-level traffic, full url filtering, built-in antivirus and an amazing IPS that releases signatures within an hour after new malware appears on the Internet.  For the load balancing/url redirection part, we use ARR (Application Request Routing).  It is free and generally works well.  We are still learning it and taking our lumps but it performs as advertised.  Between Palo Alto Networks and ARR we have a much more robust, feature-rich, secure, and stable web farm.

  115. CarlosB says:

    Really sad, I have been using it since it was just "Proxy Server 2.0"…great maturity for the product since that time…now that this is a very robust product, a very stable and trusted firewall and proxy, and a very simple integration with authentication with AD…now that it is in it's very best moment integrating antivirus/Antispam sollutions…now it is no more. Sad, almost madness.

  116. Sajal Kumar Das says:

    What's the replacement of TMG??? We need to know.

  117. Anonymous says:

    Am 12. September 2012 wurde die Forefront Roadmap zum ersten Mal aktualisiert, heute am 17. Dezember

  118. Anonymous says:

    Pingback from Näkemiin, UAG– oli (toisinaan) mukava tuntea – Onsight Helsinki

  119. Anonymous says:

    Pingback from Näkemiin, UAG– oli (toisinaan) mukava tuntea – Onsight Helsinki

  120. Anonymous says:

    Pingback from Näkemiin, UAG– oli (toisinaan) mukava tuntea – Onsight Helsinki

  121. Anonymous says:

    Pingback from Näkemiin, UAG– oli (toisinaan) mukava tuntea – Onsight Helsinki

  122. Anonymous says:

    Pingback from Adam Rafels – Microsoft officially announces the retirement of Microsoft Unified Access Gateway (UAG)

  123. Anonymous says:

    Back in September of 2012 Microsoft announced that they woul …

  124. Anonymous says:

    Pingback from Important Changes to Forefront Product Roadmaps (FIM, UAG, TMG, FPE,..) | MS Tech BLOG

  125. Anonymous says:

    Analysing Forefront TMG logs

  126. Anonymous says:

    Today, as a result of our effort to better align security and protection solutions with the workloads

  127. Anonymous says:

    Today, as a result of our effort to better align security and protection solutions with the workloads

  128. Anonymous says:

    Pingback from Fin de soporte para UAG y TMG. ¿Que alternativa tengo para Proxy Reverso en Lync 2010/2013? « Microsoft UC en Espa??ol

  129. Anonymous says:

    Today I was working on a customer environment where external users had issues retrieving PowerPoint presentations

  130. Anonymous says:

    Nous attendions avec impatience les nouvelles Roadmap des solutions qui composent la gamme Forefront

  131. Anonymous says:

    Для всех уже давно не секрет, что компания Microsoft объявила о прекращении дальнейшего развития своего продукта Forefront TMG . При этом, продукт стал недоступен к приобретению с 1 декабря 2012 года, основная его поддержка будет прекращена после 14 апреля

  132. Anonymous says:

    En 2014, il est aussi le temps de commencer les migrations pour 2015

  133. Anonymous says:


    Lync Server Web Services are published on Internet via Reverse Proxy. In this article I

Skip to main content