I run TMG as my edge firewall and outbound proxy. Blocks 80 out for selected sites, blocks all traffic in from selected IPs (e.g. China), allows certain user accounts to all port 80 sites for blocking validation, and can snoop port 80 and (with certs) 443 traffic, blocking based on content.

It is used to publish multiple web sites, listening on a single IP and spraying to a small farm in our perimeter network. By reverse-proxy, no traffic actually enters the perimeter network from the outside: the TMG accepts the request on behalf of the remote client, inspects the payload, makes the request from the internal system and returns the data to the client.

The anti-malware component is free; the reputation and deep inspection services run by annual subscription, but are quite reasonably priced.

Glenn
_________________________
Actually I am a Rocket Scientist! :D