Solved

TMG 2010 with OWA - HTTP Attacks

Posted on 2012-03-13
3
460 Views
Last Modified: 2014-05-17
I have Exchange 2010 SP1 configured with ForeFront TMG 2010.  The TMG 2010 is in my DMZ and is NAT through my WatchGuard Firewall.  

I noticed the other day that I was experiencing a huge amount of traffic to the external IP address, pretty much pegging my 15x15 circuit.  

The only thing that I can do to stop this is to either modify the "Allow Web Access for all Users" policy to "disabled" or "All Authenticated Users" and then the traffic stops.  Is there any other way to block this traffic?  Otherthan just trace the IP's all day?
0
Comment
Question by:IT-Battery
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37716982
TMG is doing its job correctly as I guess you haver used an All Users option in the access rule which is not good practice - it should be authenticated users only for the main http access rule.

What you should have are additional http rules that allow http traffic from other other sources that are not necessarily authenticated so that you are aware of them, the traffic is monitored and all others are blocked.

The TMG is supposed to be configured to match your IT security policy. If you want to set a rule that allows all http traffic - as it sounds like you have now - then TMG will do thatbut you suffer the hit on the connection. If you want to apply rules that control it then you can do this but you will have to understand your traffic flow and apply the rules accordingly.

There is no silver bullet that informs TMG of what you traffic you want it to allow or block, it follows and enforces the rules you set.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now