Solved

TMG 2010 with OWA - HTTP Attacks

Posted on 2012-03-13
3
518 Views
Last Modified: 2014-05-17
I have Exchange 2010 SP1 configured with ForeFront TMG 2010.  The TMG 2010 is in my DMZ and is NAT through my WatchGuard Firewall.  

I noticed the other day that I was experiencing a huge amount of traffic to the external IP address, pretty much pegging my 15x15 circuit.  

The only thing that I can do to stop this is to either modify the "Allow Web Access for all Users" policy to "disabled" or "All Authenticated Users" and then the traffic stops.  Is there any other way to block this traffic?  Otherthan just trace the IP's all day?
0
Comment
Question by:IT-Battery
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37716982
TMG is doing its job correctly as I guess you haver used an All Users option in the access rule which is not good practice - it should be authenticated users only for the main http access rule.

What you should have are additional http rules that allow http traffic from other other sources that are not necessarily authenticated so that you are aware of them, the traffic is monitored and all others are blocked.

The TMG is supposed to be configured to match your IT security policy. If you want to set a rule that allows all http traffic - as it sounds like you have now - then TMG will do thatbut you suffer the hit on the connection. If you want to apply rules that control it then you can do this but you will have to understand your traffic flow and apply the rules accordingly.

There is no silver bullet that informs TMG of what you traffic you want it to allow or block, it follows and enforces the rules you set.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question