Integrating Forcepoint URL Filtering with TMG

Applies to:
Forcepoint URL Filtering, v8.5.x

Forcepoint URL Filtering can be integrated with Microsoft Forefront™ Threat Management Gateway (TMG).

Refer to Installation Instructions: Forcepoint URL Filtering as your primary source of installation instructions. Only additional or alternate steps required to enable TMG integration are provided here.

An integration with TMG affects the following web protection components:

ISAPI Filter plug-in: This additional component is installed on the machine running TMG. The ISAPI Filter plug-in configures TMG to communicate with Filtering Service.
Filtering Service: Interacts with TMG and Network Agent to manage Internet requests. Filtering Service either permits the Internet request or sends an appropriate block message to the user.
After the Filtering Service is installed, the ISAPI Filter plug-in must be installed on every TMG machine in your network.
Network Agent: Manages Internet protocols that are not handled by TMG. Network Agent also enables bandwidth-based request management.

If your environment includes an array of TMG machines, install Forcepoint URL Filtering components on a machine outside the array.

When TMG receives an Internet request from a user, it passes the request to Filtering Service, which determines the category assigned to the URL and checks the policy assigned to the client.

If the site is assigned to a blocked category, the client receives a block page instead of the requested site.
If the site is assigned to a permitted category, Filtering Service notifies TMG that the site is not blocked, and the client is given access to the site.