With Microsoft retiring its Forefront Threat Management Gateway (TMG) product, many are wondering if Microsoft Unified Access Gateway (UAG) might be a suitable replacement.
This question is understandable because the two products offer some of the same capabilities, and Microsoft generally doesn’t do a great job of differentiating them.
However, the simple answer is: No.
UAG and TMG do share some remote access features: both can add a layer of security when publishing Exchange, SharePoint, and other services to the Internet. However, TMG also offers a broad set of firewall, web and email security features that UAG doesn’t. Simply put, unlike TMG, UAG offers no protection for users on the internal network.
Even if you’re only using the reverse proxy capabilities of TMG, a move to UAG may only be temporary. Earlier this year, Microsoft deprecated a number of UAG features in SP3, recommending that customers use similar capabilities in Windows Server products instead.
Forefront as a business for Microsoft is all but gone. Microsoft is clearly reducing investment in UAG as well. The company’s strategy seems to be to move responsibility for security back to the product teams, reducing the focus on its security business in the process.
So what’s the bottom line? Your best solution for replacing Microsoft TMG is to upgrade to a unified protection solution with a rich set of network protection features that’s simple to manage. Check out our TMG Replacement Guide for more information on how to find an alternative to TMG.
And see what industry experts are saying about Sophos UTM as a replacement for TMG:
- Deb Shinder at ISAserver.org: “Life after TMG: Considering Sophos UTM as a TMG Replacement”
- Jorn Lutters at Winsec.nl: “Securing the edge in a post-TMG world”