Hi Jason, I agree. I think that's warmed over offal from a previous version of the ISA docs. Hoping that they will expunge it in the TMG docs in the future. I've been running the EBS version of the TMG since last December. Let's just say there's a reason why I make it a point to tell people that they shouldn't make any judgements about the product yet, and that it's a work very early in development. :) Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ <http://blogs.isaserver.org/shinder/> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- Microsoft Firewalls (ISA) From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Monday, May 12, 2008 3:13 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] TMG - Separate Forest? Just noticed this in the current TMG documentation...disappointed this old school approach is still recommended L "At the edge, you can install Forefront TMG as a domain member or in workgroup mode. As a domain member, we recommend that you install Forefront TMG in a separate forest (rather than in the internal forest of your corporate network), with a one-way trust to the corporate forest. This may help the internal forest from being compromised, even if an attack is mounted on the forest of the Forefront TMG computer. There are some limitations with this deployment. For example, you can configure client certificate authentication only for users defined in the Forefront TMG domain, and not for users in the corporate internal domain or forest." You guys spent much time looking at TMG yet? JJ ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. If you have received this email in error, or if you believe this email is unsolicited and wish to be removed from any future mailings, please contact our Support Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx If this email contains a quotation then unless otherwise stated it is valid for 7 days and offered subject to Silversands Professional Services Terms and Conditions, a copy of which is available on request. Any pricing information, design information or information concerning specific Silversands' staff contained in this email is considered confidential or of commercial interest and exempt from the Freedom of Information Act 2000. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. Company Registration Number : 2141393.