How to improve memory performance of Forefront TMG

I have set up Forefront TMG Enterprise Edition as the gateway in the office. The server is so far functioning very well with the required rules; however, I was just wondering if I can further improve the performance. The server is 64-bit with 8 GB memory; however, TMG itself uses only 2 GB and is hitting high, as observed from the session details (below is the screenshot). I would be pleased to have experts' views on improving the performance further.

[Screenshot: TMG usage]

Keith Alabaster, Enterprise Architect
Top Expert 2008

Commented:
Is the Server OS and the TMG fully patched up? TMG - for example - is now SP2 but be aware that there is a strict process and order needed to apply it; you cannot just deploy SP2 straight on to a TMG box.
What is in the TMG Enterprise? Single node? Separate EMS server? Multiple arrays?
Where are you storing the CSS - on the node or on a separate Manager?
Where are you logging to - the node or to a separate SQL instance?
Is TMG also being used as part of an integrated Exchange environment (Exchange service run on the TMG configuration as opposed to just email passing through TMG)?
What else - if anything - is installed on the TMG?
Keith Alabaster, Enterprise Architect
Top Expert 2008
Commented:
Additionally, you may want to check your rules. TMG sequences its rules from top down so - where possible - you want to ensure that the most common protocols - DNS traffic for example - are as close to the top as possible.

Further, make sure you have turned off all unnecessary elements. NetBEUI/WINS etc. are not needed on TMG external NICs. Another common problem is that people mistakenly set up TMG as being a DNS server. Ludicrous but they do. TMG does not support IPv6 either so you can remove this protocol from the NIC network stack.

Lastly, check out my article on the correct basics - you'd be surprised at the alternatives I come across.
http://www.experts-exchange.com/Microsoft/Windows_Security/A_1477-Configuring-ISA-2004-2006-Forefront-Threat-Management-Gateway-for-basic-networking-and-DNS-settings.html?sfQueryTermInfo=1+30+alabast+keith

Author

Commented:
Is the Server OS and the TMG fully patched up? TMG - for example - is now SP2 but be aware that there is a strict process and order needed to apply it; you cannot just deploy SP2 straight on to a TMG box.

We have compiled TMG SP2 some days ago.

1. What is in the TMG Enterprise? Single node? Separate EMS server? Multiple arrays?

Single node

2. Where are you storing the CSS - on the node or on a separate Manager?
On the node

3. Where are you logging to - the node or to a separate SQL instance?

 To the node

4. Is TMG also being used as part of an integrated Exchange environment (Exchange service run on the TMG configuration as opposed to just email passing through TMG)?

 No

5. What else - if anything - is installed on the TMG?

No third-party software is installed for TMG in the OS and only URL filtration is enabled.
Malware inspection and Network Inspection are disabled.

Author

Commented:
DNS is already the first rule and unneeded protocols are removed from the external NIC too.
Keith Alabaster, Enterprise Architect
Top Expert 2008

Commented:
Surprised you have disabled NIS et al - this is a key component of TMG (and part of the reason why the Forefront product is not the cheapest on the market but is the best product available by a long way).
How much memory is the SQL Service allowed to use? Check in the Task Manager for the running processes and advise on the top memory consumers.

Author

Commented:
We have disabled NIS; the reason is that we have corporate firewalls on the other side of the proxy, and I also observed that performance was getting slow. The SQL service is using 2.5 GB memory currently.
Enterprise Architect
Top Expert 2008
Commented:
With the spec of the machine you mention, virtualised or not, I would be able to happily run a good few thousand users through it. How many do you have? What is the equipment either side of the TMG? I guess you have already checked that taking TMG outside of the loop sped the system up to a level acceptable?

OK - can you run up the TMG best practice analyser and post what it reports - you can get it from here?
http://www.microsoft.com/download/en/details.aspx?id=17730

Also the TMG performance monitor is installed along with the TMG product. If you load up the various pre-defined TMG counter sets, is there anything that REALLY sticks out - besides your initial post?
Sorry for all the questions but TMG has been called a lot of things but never slow....

Author

Commented:
I have about 150 users. The TMG outside adapter is connected to the DMZ and the inside to the LAN. I am already using the Best Practice Analyzer and have not noticed any issue showing. However, I have posted pictures of the analyzer and performance monitor.

[Screenshots: Analyzer result; TMG performance counters (two images)]
Commented:
You may want to investigate Windows Resource Manager. I don't know specifically about TMG though.

http://technet.microsoft.com/en-us/library/cc755056.aspx

http://technet.microsoft.com/en-us/library/cc754150.aspx

Author

Commented:
I didn't find any acceptable answer and the question expired.