When performing a migration from ISA 2000 to Forefront TMG, I set up the perimeter networks as part of the “perimeter” network object. I ran into a problem when I went to create server publishing rules. They did not work. I had to remove the subnets from the perimeter group so that the network interface would show up as part of the “external” network object. Once the addresses on the outside interface were in the “external” network object, I was able to successfully create server publishing rules.
Also, Forefront TMG now allows the published port to be different from the port on the internal server. This is useful when creating publishing rules for multiple RDP servers, for example.