Interoperability with BranchCache solution guide

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)


Forefront TMG2010 Service Pack 1 (SP1) provides simplified deployment of BranchCache at the branch office, using Forefront TMG as the BranchCache Hosted Cache server. For information on planning and configuring BranchCache in SP1, see Planning for BranchCache (SP1) and Configuring BranchCache in Forefront TMG (SP1).

This solution guide addresses the interoperability of Forefront TMG and BranchCache, a feature of Windows 7 and Windows Server 2008 R2 that enables Web content on a wide area network (WAN) to be cached on computers at a local branch office, thus improving application response time and reducing WAN traffic.

Branch administrators who want to consolidate multiple networking, access, protection, and caching solutions, on a single host, can deploy Forefront TMG and BranchCache together:

  • Forefront TMG provides for the caching of Internet traffic from direct Internet access or an upstream Forefront TMG Proxy located at headquarters.

  • BranchCache provides for the caching of line-of-business HTTP/1.1, HTTPS/1.1, BITS, SMB2.1 (including SMB 2.1 signing) applications – even when used with IPsec.

Forefront TMG also provides:

  • Secure web-access via anti-malware, URL filtering and HTTPS inspection.

  • Firewall and Network Inspection System (NIS).

  • Reverse proxy (web-publishing) of web-applications at the branch.

  • Site-to-site VPN.

  • Roaming-user VPN.

Deploying Forefront TMG and BranchCache

To eliminate any issues that are not related to Forefront TMG and BranchCache interoperation, you should validate that BranchCache and Forefront TMG each work as expected, while the other is disabled.


For information about deploying BranchCache, read the BranchCache Deployment Guide (


There are two main scenarios for the interoperability of Forefront TMG and BranchCache:

More information