Microsoft ISA Server or Forefront TMG

A Microsoft Internet Security and Acceleration (ISA) Server or Forefront Threat Management Gateway (TMG) server can be deployed as a downstream proxy with Forcepoint Web Security Cloud. You can configure proxy chaining in the following ways:

Basic chaining: The ISA server does not perform any authentication before forwarding requests to the cloud proxy. The cloud proxy can perform manual authentication only.
NTLM pass-through: The ISA server is aware of a requirement for NTLM identification but takes no part in the authentication, forwarding requests to the cloud proxy which then performs NTLM identification.
X-Authenticated-User: The ISA server performs user authentication and forwards requests to the cloud proxy using the X-Authenticated-User header.

In this guide, “ISA/TMG” refers to ISA Server and Forefront TMG collectively. When instructions or information differ for the two products, they are referred to specifically as “ISA Server” or “Forefront TMG”.