Configuring Web publishing: Overview
Applies To: Forefront Threat Management Gateway (TMG)
Forefront TMG Web publishing makes Web content securely available to groups of users or to all users who send requests to your organization from the Internet. The Web content requested is typically stored on Web servers in the Internal network or in a perimeter network (also known as a screened subnet or a demilitarized zone (DMZ)).
With Web publishing rules, you can allow or deny requests based on defined access policies. You can restrict access to specified users, computers, or networks, require user authentication, and inspect the traffic. Content caching enables Forefront TMG to cache Web content and to respond to user requests from the cache without forwarding the requests downstream to the published Web server. Web publishing rules have many features, including the following:
Mapping requests to specific internal paths to limit the portions of your Web servers that can be accessed.
Delegation of user credentials for authenticating Forefront TMG to the Web server after authentication by Forefront TMG, without requiring users to supply their credentials for a second time.
Link translation for replacing internal host names and paths in Web content with public names and external paths.
Secure Sockets Layer (SSL) bridging, which enables Forefront TMG to inspect incoming HTTPS requests and then forward them to the Web server over an encrypted SSL channel.
Load balancing of client requests among the Web servers in a server farm, with maintenance of client affinity for increased availability and improved performance.
For more background information about the settings in Web publishing rules, see Planning for publishing.