Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

TMG 2010 with OWA - HTTP Attacks

Posted on 2012-03-13
3
Medium Priority
?
533 Views
Last Modified: 2014-05-17
I have Exchange 2010 SP1 configured with ForeFront TMG 2010.  The TMG 2010 is in my DMZ and is NAT through my WatchGuard Firewall.  

I noticed the other day that I was experiencing a huge amount of traffic to the external IP address, pretty much pegging my 15x15 circuit.  

The only thing that I can do to stop this is to either modify the "Allow Web Access for all Users" policy to "disabled" or "All Authenticated Users" and then the traffic stops.  Is there any other way to block this traffic?  Otherthan just trace the IP's all day?
0
Comment
Question by:IT-Battery
1 Comment
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 37716982
TMG is doing its job correctly as I guess you haver used an All Users option in the access rule which is not good practice - it should be authenticated users only for the main http access rule.

What you should have are additional http rules that allow http traffic from other other sources that are not necessarily authenticated so that you are aware of them, the traffic is monitored and all others are blocked.

The TMG is supposed to be configured to match your IT security policy. If you want to set a rule that allows all http traffic - as it sounds like you have now - then TMG will do thatbut you suffer the hit on the connection. If you want to apply rules that control it then you can do this but you will have to understand your traffic flow and apply the rules accordingly.

There is no silver bullet that informs TMG of what you traffic you want it to allow or block, it follows and enforces the rules you set.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video discusses moving either the default database or any database to a new volume.

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question