Planning for updates of protection definitions
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
Some Forefront TMG protection mechanisms use Microsoft product updates to keep protection definitions constantly updated. These include:
E-mail antivirus and anti-spam protection. For information, see Planning to protect against e-mail threats.
Malware inspection. For information, see Planning to protect against malicious web content.
Network Inspection System (NIS). For information, see Planning to protect against known vulnerabilities.
Updated definition files are provided by Microsoft Update and are subject to licensing. For licensing information, see How to Buy (https://go.microsoft.com/fwlink/?LinkId=179848).
You can select to update definition files by either of the following methods:
Microsoft Update—Updates that are released through Microsoft Update are installed on the Forefront TMG computer.
Windows Server Update Services (WSUS)—For Forefront TMG arrays, you can deploy WSUS in the network where Forefront TMG is deployed. A single server downloads the updates that are released through Microsoft Update, and distributes the updates to all the Forefront TMG computers in the network. This is the recommended update method for Forefront TMG arrays, because it provides centralize management, and saves time and network bandwidth. For more information, see Microsoft Windows Server Update Services 3.0 Overview (https://go.microsoft.com/fwlink/?LinkId=108173).
Note
- You can select to use Microsoft Update if the update from WSUS fails.
- If you join a production Forefront TMG server to an array, download the updates onto the server before joining it to the array.
- You can select to use Microsoft Update if the update from WSUS fails.
Related Topics
Concepts
Managing definition updates for Forefront TMG
Protection design guide for Forefront TMG