Microsoft TMG Replacement Blues?

Microsoft has discontinued Forefront Unified Access Gateway (UAG) and Forefront Threat Management Gateway (TMG), its solutions for remote application access control, security and optimization. UAG and TMG evolved over many years to integrate multiple functions that protect Microsoft applications. They are key components of several Microsoft application deployments, including Microsoft Exchange, SharePoint and Lync. However, TMG and UAG deployments are not limited to protecting Microsoft applications.

Securing applications that are accessible over the web is a complex task. A compromise may lead to a significant performance hit to the application, especially under an attack, which may impact the business, or worse, to a security breach.


As these products approach their end of support (April 2020), a common question from customers is “What do I do to secure my Microsoft Exchange or SharePoint deployment?” Although some of the security functions are integrated into new Microsoft products, there is no direct replacement for TMG and UAG from Microsoft.

TMG and UAG protect Microsoft applications and users from cyber threats by integrating several security functions, such as SSL encryption and decryption, application security, and aspects of malware protection such as filtering security exploits and vulnerabilities. They also provide network functions such as routing, and network performance features such as compression and caching.

Finding an enterprise-grade replacement that brings these many complex aspects of evolving application security together in one integrated solution is therefore very challenging. Microsoft TMG customers need to deploy a replacement that can, at a minimum, provide the same level of functionality and protection for Microsoft applications in internet-facing scenarios, but that also addresses the next generation of cloud-based applications.


To replace Microsoft TMG and UAG, enterprises need to consider several important factors that will help maintain the existing functionality provided by Microsoft TMG, while minimizing network and application configuration changes. Such considerations include:

1. Integrated functionality: the TMG replacement solution must provide the same, if not a better, set of functions, including routing, security and performance enhancement, in a simple package that can be managed centrally.

2. Scalability: a TMG replacement solution must provide simple and cost-effective scalability to allow future expansion, both in traffic capacity and in the number of applications supported. It needs to minimize the amount of effort required to upgrade the solution.

3. Network topology: TMG protects both the front-end application servers typically located in the DMZ, as well as the backend servers that are typically deployed inside the organization’s private LAN. The security functionality needs to be provided at both ends of the network.

As you look for replacement solutions, you’ll need to evaluate which Microsoft UAG or TMG functionality is in use and assess your needs for securing multiple applications, whether they are on premises or in the cloud. You should also consider the experience you’d like your users to receive, such as single sign-on (SSO), as well as how the replacement solution will be managed.

For more details:

Upgrade Enterprise Application Security with Alteon NG

Alteon NG Application Delivery Controller/Load Balancer



Prakash Sinha

Prakash Sinha is a technology executive and evangelist for Radware and brings over 29 years of experience in strategy, product management, product marketing and engineering. Prakash has been a part of executive teams of four software and network infrastructure startups, all of which were acquired. Before Radware, Prakash led product management for Citrix NetScaler and was instrumental in introducing multi-tenant and virtualized NetScaler product lines to market. Prior to Citrix, Prakash held leadership positions in architecture, engineering, and product management at leading technology companies such as Cisco, Informatica, and Tandem Computers. Prakash holds a Bachelor in Electrical Engineering from BIT, Mesra and an MBA from Haas School of Business at UC Berkeley.
