• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 536
  • Last Modified:

TMG 2010 with OWA - HTTP Attacks

I have Exchange 2010 SP1 configured with ForeFront TMG 2010.  The TMG 2010 is in my DMZ and is NAT through my WatchGuard Firewall.  

I noticed the other day that I was experiencing a huge amount of traffic to the external IP address, pretty much pegging my 15x15 circuit.  

The only thing that I can do to stop this is to either modify the "Allow Web Access for all Users" policy to "disabled" or "All Authenticated Users" and then the traffic stops.  Is there any other way to block this traffic?  Otherthan just trace the IP's all day?
0
IT-Battery
Asked:
IT-Battery
1 Solution
 
Keith AlabasterEnterprise ArchitectCommented:
TMG is doing its job correctly as I guess you haver used an All Users option in the access rule which is not good practice - it should be authenticated users only for the main http access rule.

What you should have are additional http rules that allow http traffic from other other sources that are not necessarily authenticated so that you are aware of them, the traffic is monitored and all others are blocked.

The TMG is supposed to be configured to match your IT security policy. If you want to set a rule that allows all http traffic - as it sounds like you have now - then TMG will do thatbut you suffer the hit on the connection. If you want to apply rules that control it then you can do this but you will have to understand your traffic flow and apply the rules accordingly.

There is no silver bullet that informs TMG of what you traffic you want it to allow or block, it follows and enforces the rules you set.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now