Forefront Threat Management Gateway (TMG) 2010 and Windows Firewall Integration
With previous versions of Microsoft ISA Server running on Windows Server 2003, the Windows Firewall and Internet Connection Sharing (ICS) services were disabled by default.
After installing Microsoft Forefront Threat Management Gateway (TMG) 2010, you may have noticed that the Windows Firewall service is still enabled.
The reason for this is that the TMG Firewall integrates with the local Windows firewall instead of replacing it. This is made possible by the Windows Filtering Platform (WFP) which makes incorporating firewall services in to the operating system’s networking stack much easier. If you take a closer look you will see that TMG is simply a Windows Filtering Platform registrant.
Having the Windows Firewall service running on a TMG firewall is by design. Since TMG depends on the Windows Firewall service for operation, and the Windows Firewall service can be configured via Active Directory Group Policy, there is the potential for conflict that may result in the TMG firewall not working correctly. To avoid this scenario, create a separate OU dedicated to the TMG firewall systems and filter out any GPOs that make changes to the Windows Firewall configuration.
Connect
Richard Hicks' Forefront TMG Blog 
TMG cannot block any IP of an attacker, who try 90 times in 25 second to login on Windows with different user names and passwords. To stop the attacker, I want to add a rule in Windows firewall on TMG server per script automatically. My question is: can the windows firewall rules added by user work well together with the rules created in TMG on a TMG server?
Thanks for any help in advance! I am newer with TMG.
You can certainly automate this process, but it isn’t trivial to configure. I’d suggest having a look at Thor’s Microsoft Security Bible where the author describes in detail a method to automate configuration of TMG firewall access rules in response to certain events, such as you have described.