TMG as next generation product version of ISA was RTM release last month. IT can help to protect your it enironment more securty and powerful. there are 3 functions, https inspection , URL filtering, Malware inspection.
Phase 1 – Client Request
- Client connects to the TMG Web proxy listener.
- Client issues an SSL tunnel request: CONNECT malicious.contoso.com:443 HTTP/1.1.
- TMG resolves malicious.contoso.com to IP address 188.8.131.52.
- TMG connects to 184.108.40.206 on TCP port 443.
- TMG negotiates an SSL connection with the server and evaluates the certificate.
- If the certificate is valid and trusted, TMG responds “200 OK” to the client.
Phase 2 – Encrypted conversation with Inspection
- Client and TMG exchange SSL handshake messages, encryption keys and certificates. Note that because TMG builds a server certificate using information derived from the Web server certificate, the client believes it is communicating with the Web server.
- Client now has an encrypted tunnel with Forefront TMG and Forefront TMG has an encrypted tunnel with the destination server. Forefront TMG will be able to inspect all traffic sent between client and server by following this sequence:
a) TMG receives and decrypts the encrypted traffic from the destination server.
b) TMG applies Malware Inspection and NIS filters to the traffic.
c) If the malware and NIS filters allow, TMG will encrypt the results and send it to the client workstation.
d) Client will receive, decrypt and process the traffic
for more information, see the article http://technet.microsoft.com/en-us/ff472472.aspx