It hasn't been on sale since January.
Link to ms blog about changes in ff: blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx

Yes, unfortunately TMG ordered to live a long time, it makes no sense to do a new installation.
But in fairness, from what you want:
1. Traffic accounting is not supported (something can be heaped up through the reporting system, but you can’t call it real traffic accounting), shaping and quoting. But: there are inexpensive third-party products that support everything you need.
2. There are ready-made "dynamic rules", mainly to protect against flooding. But where there are no people ready to create their own, it is problematic.
The rest is there, including selective logging, and is implemented conveniently.
It's hard to compare with Linux solutions, because there is no ready-made solution for Linux of this level, what can be piled up from iptables and squid will have very approximately similar functionality with a very curly configuration and depend heavily on it. The performance of TMG is also highly dependent on the rules used, the use of VPNs and encryption. If, for example, you are not interested in content processing at all and you can turn off web filters, then the processor load on a 100-megabit external stream is not high. With web filters and anti-virus checking, you can hit the ceiling on 40-50 megabits of external traffic to the server.

In my experience, TMG has one advantage - it is the ability to separate Internet access by user and application without being tied to IP. Those. TMG is useful when you need to be able to take into account and restrict Internet access (by protocols) for users working on a terminal server or block Internet access from a certain type of application.
This is where the benefits of the product end. Of your requirements, TMG does not know how to do this:
- shaping and quoting traffic by users, and its basic reporting is, to put it mildly, so-so,
- dynamic rules based on network activity (ala fail2ban)
- only logs everything in a row (and this is a disaster when your channel is over 10 Mbps)
Further from real complaints about TMG, based on my experience with it:
1) Where PPTP worked stably on a simple RRAS, after installing TMG, PPTP may simply not work after loading the server - you need to additionally restart the TMG service (restarting RRAS does not help).
2) For IPSEC, there are no means of controlling its operation / loading, not to mention at least some minimal diagnostic tools. Those. you simply cannot even see what uptime your tunnel has. With some hardware routers, IPSEC with TMG simply does not install.
3) Yes, configuration changes are often applied on the fly, without interrupting current sessions, but if the server is loaded, then the rules can be applied for several minutes, without understanding at all when they will actually be applied - during this time there is already a desire to do it all over again "to correct".
4) The abundance of all sorts of filters, add-ons, etc., included by default, explode the brain when solving another simple network problem. Disabling them often leads to completely unexpected results. The opacity of the functioning of this mechanism as a whole in seemingly fairly simple tasks gives rise to a bunch of conjectures that make you seriously doubt your knowledge of network technologies.

What will happen between TMG and the Internet?

look towards Kerio