Disabling Logging of Anonymous Traffic (TMG)


Is there a way to disable the logging of Anonymous traffic in TMG? All of our users who have a web connection have user accounts in AD and have a means of authenticating themselves, so anonymous traffic isn't an interest for us. All the anonymous traffic is getting denied, which is correct, but it is a waste of log space.

uchelpdesk (Author) commented:
This anonymous traffic is expected. I'm not looking for a third party program to do reporting. I just want to be able to prevent anonymous requests from being logged, as it isn't useful information to know. All of our users are authenticated.
Suliman Abu Kharroub (IT Consultant) commented:
How do you configure the clients? SecureNAT with a default gateway? If so, remove the default gateway (don't offer it by DHCP).

SecureNAT clients can't be authenticated on the TMG server, only firewall clients and web-proxy clients.

uchelpdesk (Author) commented:
We configure the clients with a GPO that sets the web proxy settings for their machine. So web proxy.

Like I said, the users are not having troubles authenticating. I just want to be able to tell TMG not to log the anonymous traffic that comes with the process of authentication.
Suliman Abu Kharroub (IT Consultant) commented:
That could not be done the way that you want; you can't configure TMG to log only authenticated traffic. Either disable the logging or enable it. What if someone tried to hack your TMG server? How can you know the attacker machine if anonymous logs are disabled?

Instead of that, you can eliminate the non-authenticated logs by finding these packets (why do clients send them?) and stopping them from the client side. That is the idea behind my previous comment.

But again, you will always find such denied packets in logs.
uchelpdesk (Author) commented:
Here is the problem: The users are using Microsoft Dynamics CRM (web based application). We do not want this internal traffic logged. So, we have set up a rule that allows the users to access the internal CRM server, and chose NOT to log it. But, we still have a bunch of anonymous traffic being logged that gets denied by the first rule on our web policy rules list with the message of:  12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.

And since the users are very active with this internal site, these anonymous requests are coming in very fast and in a huge number. Don't want to log this.

So those are the specifics of my problem.
Suliman Abu Kharroub (IT Consultant) commented:
I assume the CRM is in the internal network and clients are trying to access it internally, so the traffic should not go through the TMG server.

What type of packets are logged? NetBIOS broadcasts? If so, go to NIC properties --> Advanced --> WINS tab --> disable NetBIOS over TCP/IP.
uchelpdesk (Author) commented:
Well it is a web based application, and we are using web proxy to enforce the TMG policies. So how can it not go through TMG? The web proxy settings are set in Internet Explorer, and they are accessing the CRM internal website / application.

We are only using the Web Policy features of TMG, not the Firewall policies of other protocols. So we are only filtering based on HTTP, HTTPS, and FTP traffic. So there are no NetBIOS packets being logged. These are simply HTTP GET requests being logged, and a huge amount (all anonymous).
Suliman Abu Kharroub (IT Consultant) commented:
Add it to the exception list in the proxy settings -- Internet Options.

uchelpdesk (Author) commented:
Ah this is a great idea. Thank you.

Going to use the GPO to configure the IE settings for proxy exceptions for the internal sites.

Suliman Abu Kharroub (IT Consultant) commented:
you're most welcome :)
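
The thread raises two concerns: anonymous denials generated as part of the authentication process, and the loss of visibility into unauthenticated clients if those records disappear. The following is an added example, not part of the original thread and not TMG's own log format: it pairs each anonymous 12209 denial with an authenticated request from the same client for the same URL. The record layout, the `anonymous` user name, the 5-second window and all sample lines are assumptions constructed for illustration.

```python
from bisect import bisect_left
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

AUTH_REQUIRED = "12209"         # result code quoted in the thread
WINDOW = timedelta(seconds=5)   # assumed max gap between denial and authenticated retry

# Constructed sample (simplified layout): time, client IP, user, URL, result code.
SAMPLE_LOG = """\
2013-05-02T09:00:00 10.0.0.21 anonymous http://crm.corp.example/main.aspx 12209
2013-05-02T09:00:01 10.0.0.21 CORP\\alice http://crm.corp.example/main.aspx 200
2013-05-02T09:00:03 10.0.0.22 anonymous http://crm.corp.example/grid.aspx 12209
2013-05-02T09:00:03 10.0.0.22 CORP\\bob http://crm.corp.example/grid.aspx 200
2013-05-02T09:01:10 10.0.0.99 anonymous http://www.example.net/ 12209
2013-05-02T09:01:40 10.0.0.99 anonymous http://www.example.net/ 12209
"""

def parse(text):
    """Yield (timestamp, client_ip, user, url, code) per non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, ip, user, url, code = line.split()
            yield datetime.fromisoformat(ts), ip, user, url, code

def classify(text):
    """Return (handshake noise per host, anonymous denials never followed by auth)."""
    records = list(parse(text))
    authed = defaultdict(list)  # (client, url) -> times of authenticated requests
    for ts, ip, user, url, _ in records:
        if user != "anonymous":
            authed[ip, url].append(ts)
    for times in authed.values():
        times.sort()
    noise, unanswered = Counter(), []
    for ts, ip, user, url, code in records:
        if user != "anonymous" or code != AUTH_REQUIRED:
            continue
        times = authed.get((ip, url), [])
        i = bisect_left(times, ts)  # first authenticated request at or after the denial
        if i < len(times) and times[i] - ts <= WINDOW:
            noise[urlsplit(url).hostname] += 1
        else:
            unanswered.append((ts.isoformat(), ip, url))
    return noise, unanswered

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Hosts that dominate the noise count are the candidates for the proxy exception list; the unanswered denials are the records worth keeping in view.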

Microsoft Forefront ISA Server
