Solved

TMG stops responding.

Posted on 2012-03-10
9
843 Views
Last Modified: 2012-04-17
I have a TMG configured as edge firewall internal and external network after a day or to day it stops responding I cannot ping it and when try to login locally it hangs at welcome screen but when I plug cable out and in from external and internal network it works again or I can restart TMG then it works again (it run fine for about 1 to 3 days) I also reloaded TMG installed all latest updates and made firmware upgrade on server.
HP Dl 380 G5
6GB RAM
Dual Core CPU
Windows 2008R2
I’m running out of ideas any advice
0
Comment
Question by:jacksch4820
  • 4
  • 4
9 Comments
 
LVL 10

Assisted Solution

by:Bawer
Bawer earned 250 total points
ID: 37704835
Had similar issue and found that rules were not configured correctly, please let me know about the rules.
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 250 total points
ID: 37706255
Any alerts in the monitoring tab ? like sync attack.
0
 

Author Comment

by:jacksch4820
ID: 37708514
Please see attachment for rules.
After reloading TMG I did not import any rules from backup setup rules manually again.
No alerts in the monitoring tab like sync attack.
TMG-Rules.jpg
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 10

Expert Comment

by:Bawer
ID: 37709117
Download IsaBPA and see what alerts does it shows ?
Does it show any alert on MS server "event viewer" ?
0
 

Author Comment

by:jacksch4820
ID: 37709213
No errors in MS event viewer
Only error I get in IsaBPA is:
The security descriptor of a logging folder does not grant sufficient rights.

I disabled safeseach and removed the access rule I also disabled flood migration.
Will monitor again and see.
Any other ideas
0
 
LVL 10

Expert Comment

by:Bawer
ID: 37709327
Good have you modified any user right over C:\ drive ?
0
 

Author Comment

by:jacksch4820
ID: 37709336
no
0
 
LVL 10

Expert Comment

by:Bawer
ID: 37713193
1. ( http://blogs.technet.com/b/isablog/archive/2008/09/08/isa-administrative-roles-ntfs-and-registry-permissions.aspx ) can help you in fixing granting access.

2. go to "sql server configuration manager" then "sql server network configuration"
then "protocols for MSFW" then " TCP/IP" then "Ip Adresses Tab " check whether your TMG ip address matches the value typed in there and as well as do the same steps on "protocols for ISARS" which is below this tab.
0
 

Author Comment

by:jacksch4820
ID: 37713532
I notice something interesting yesterday.
I’m running performance monitor and tcpviewer on TMG and a timeless ping to tmg from a workstation.
Yesterday evening I noticed internet did not work for about a 1 minute where I notice internet is not working I RDP to server and swa in tcpviewer  some syn_sent and syn_reciveed I did not see it where internet was working only where internet dropped for about 1 minute rdp session also kind of stop responding for about 5 seconds just black but timeless ping was still running with no problem.
For me it looks like TCP syn Flood nothing in in alert tap on tmg but mitigation flood attack is turned off But where mitigation flood attack was on nothing was in tmg alerts tap about syn.
Log traffic blocked by flood mitigation settings is clicked

Any ideas/advice.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
isa 2006 pptp & l2tp & pre-shared key 13 836
SIP/VoIP being blocked through Forefront TMG 4 1,440
Public Name tab under TMG Firewall Policy 2 822
ActiveSync issues 16 151
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question