Solved

TMG 2010 with OWA - HTTP Attacks

Posted on 2012-03-13
3
496 Views
Last Modified: 2014-05-17
I have Exchange 2010 SP1 configured with ForeFront TMG 2010.  The TMG 2010 is in my DMZ and is NAT through my WatchGuard Firewall.  

I noticed the other day that I was experiencing a huge amount of traffic to the external IP address, pretty much pegging my 15x15 circuit.  

The only thing that I can do to stop this is to either modify the "Allow Web Access for all Users" policy to "disabled" or "All Authenticated Users" and then the traffic stops.  Is there any other way to block this traffic?  Otherthan just trace the IP's all day?
0
Comment
Question by:IT-Battery
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37716982
TMG is doing its job correctly as I guess you haver used an All Users option in the access rule which is not good practice - it should be authenticated users only for the main http access rule.

What you should have are additional http rules that allow http traffic from other other sources that are not necessarily authenticated so that you are aware of them, the traffic is monitored and all others are blocked.

The TMG is supposed to be configured to match your IT security policy. If you want to set a rule that allows all http traffic - as it sounds like you have now - then TMG will do thatbut you suffer the hit on the connection. If you want to apply rules that control it then you can do this but you will have to understand your traffic flow and apply the rules accordingly.

There is no silver bullet that informs TMG of what you traffic you want it to allow or block, it follows and enforces the rules you set.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question