I did not add tags myself, some points are not clear from your question

acting as a firewall between the local network and the outside world

add proxy tag, you will be advised

gateway

- tags routing, NAT

DNS servers for various external and internal sites (which are also forwarded through Forefront to the outside)

But here it’s not clear, this is only a DNS server (which answers DNS requests from the outside world), DNS overlap (when domain names of the same zone respond with different addresses in the internal network and external network) or has nothing special to do with DNS at all - it’s just forwarding sites in the local network \ dmz outside, for access via the Internet - reverse proxy tag

Forefront is directly accessed by two providers from the outside

- TMG deals with routing and switching network connections when unavailable, you need a solution that can do this automatically, right?
And the final question: do you want all-in-one or are you ready to look at a set of solutions?
For example, if we take a set of different solutions for each situation on linux
proxy - squid
reverse proxy - nginx , haproxy
DNS server - bind
, routing can be done with built-in OS tools, determining channel unavailability and switching - with scripts.

Look at this plate.
https://tssolution.ru/blog/zamena-microsoft-tmg
However, pfSense is also not bad
Maybe you should look towards Cisco ASA