Disabling Logging of Anonymous Traffic (TMG)

Posted on 2011-10-17
Last Modified: 2012-05-12
Hello,

Is there a way to disable the logging of Anonymous traffic in TMG? All of our users who have a web connection have user accounts in AD and have a means of authenticating themselves, so anonymous traffic isn't an interest for us. All the anonymous traffic is getting denied, which is correct, but it is a waste of log space.
Question by:uchelpdesk

Author Comment

by:uchelpdesk
ID: 36981104
This anonymous traffic is expected. I'm not looking for a third party program to do reporting. I just want to be able to prevent anonymous requests from being logged, as it isn't useful information to know. All of our users are authenticated.
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36981889
How do you configure the clients? SecureNAT with a default gateway? If so, remove the default gateway (don't offer it by DHCP).

SecureNAT clients can't be authenticated on the TMG server, only firewall clients and web-proxy clients.

Author Comment

by:uchelpdesk
ID: 36981937
We configure the clients with a GPO that sets the web proxy settings for their machine. So web proxy.

Like I said, the users are not having troubles authenticating. I just want to be able to tell TMG not to log the anonymous traffic that comes with the process of authentication.
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36982011
That cannot be done the way that you want; you can't configure TMG to log only authenticated traffic. You either disable the logging or enable it. What if someone tried to hack your TMG server? How would you know the attacker's machine if anonymous logging is disabled?

Instead, you can eliminate the non-authenticated logs by finding these packets and why clients send them, and stopping them from the client side. That is the idea behind my previous comment.

But again, you will always find such denied packets in logs.

Author Comment

by:uchelpdesk
ID: 36982047
Here is the problem: The users are using Microsoft Dynamics CRM (web based application). We do not want this internal traffic logged. So, we have set up a rule that allows the users to access the internal CRM server, and chose NOT to log it. But, we still have a bunch of anonymous traffic being logged that gets denied by the first rule on our web policy rules list with the message of:  12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.

And since the users are very active with this internal site, these anonymous requests are coming in very fast and in a huge number. Don't want to log this.

So those are the specifics of my problem.
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36982159
I assume the CRM is in the internal network and clients are trying to access it internally, so the traffic should not go through the TMG server.

What type of packets are logged? NetBIOS broadcasts? If so, go to NIC properties --> Advanced --> WINS tab --> disable NetBIOS over TCP/IP.

Author Comment

by:uchelpdesk
ID: 36982185
Well it is a web based application, and we are using web proxy to enforce the TMG policies. So how can it not go through TMG? The web proxy settings are set in Internet Explorer, and they are accessing the CRM internal website / application.

We are only using the Web Policy features of TMG, not the Firewall policies of other protocols. So we are only filtering based on HTTP, HTTPS, and FTP traffic. So there are no NetBIOS packets being logged. These are simply HTTP GET requests being logged, and a huge amount (all anonymous)
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 1000 total points
ID: 36982243
Add it to the exception list in the proxy settings -- Internet Options.

Author Closing Comment

by:uchelpdesk
ID: 36982300
Ah this is a great idea. Thank you.

Going to use the GPO to configure the IE settings for proxy exceptions for the internal sites.

Thanks!
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36982318
you're most welcome :)
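
Added example, not part of the thread and not code from any poster: a way to decide which hosts belong on the proxy exception list by counting anonymous 12209 denials per destination in an exported proxy log, while leaving denials for non-internal hosts in the logs for investigation. The tab-delimited layout, column names, sample rows and the `.corp.example` suffix are assumptions constructed for the example.

```python
from collections import Counter

INTERNAL_SUFFIXES = (".corp.example",)  # assumed internal DNS suffix

# Constructed sample: tab-delimited W3C-style proxy log export. The column
# names and all values are assumptions made for this example.
SAMPLE_LOG = (
    "#Fields: c-ip\tcs-username\tr-host\tsc-status\n"
    "10.0.1.21\tanonymous\tcrm.corp.example\t12209\n"
    "10.0.1.22\tanonymous\tcrm.corp.example\t12209\n"
    "10.0.1.21\talice@corp.example\tcrm.corp.example\t200\n"
    "10.0.1.40\tanonymous\twww.example.org\t12209\n"
    "10.0.1.22\tanonymous\tsharepoint.corp.example\t12209\n"
    "10.0.1.21\tanonymous\tcrm.corp.example\t12209\n"
    "10.0.1.23\tanonymous\n"  # truncated row, must be skipped
)

def parse_w3c(text):
    """Yield one dict per data row, keyed by the names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # ignore malformed rows
                yield dict(zip(fields, values))

def anonymous_denials(records):
    """Count anonymous requests denied with status 12209, per destination."""
    counts = Counter()
    for rec in records:
        if rec["cs-username"].lower() == "anonymous" and rec["sc-status"] == "12209":
            counts[rec["r-host"].lower()] += 1
    return counts

def triage(counts, suffixes=INTERNAL_SUFFIXES):
    """Split hosts into bypass candidates (internal) and ones to keep logging."""
    bypass, keep = [], []
    for host, n in counts.most_common():
        (bypass if host.endswith(suffixes) else keep).append((host, n))
    return bypass, keep

def proxy_override(bypass):
    """Build the semicolon-separated exception string; <local> = local names."""
    return ";".join([host for host, _ in bypass] + ["<local>"])

if __name__ == "__main__":
    bypass, keep = triage(anonymous_denials(parse_w3c(SAMPLE_LOG)))
    print("exceptions:", proxy_override(bypass))
    print("still logged at the proxy:", keep)
```

Hosts in the bypass list no longer pass through the proxy, so its policy and logging stop applying to them; review the candidates before putting them in the GPO.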
