• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4045
  • Last Modified:

Monitor VPN connections (clients) in TMG 2010

Hi All,

I have Microsoft Server 2008 R2 with TMG 2010 in DMZ, configured VPN access for network users.
I need to monitor all VPN connections with traffic used by users.
TMG 2010 have no tolls for monitoring VPN usage.
How can i do it ?

Thanks!
0
Tamooz
Asked:
Tamooz
  • 13
  • 10
  • 4
1 Solution
 
XaelianCommented:
Hi, Take a look at the following: http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/ff12889e-5f2a-4f98-984d-bf92bc4735f2/ it even had a vbs for it. Hope it's usefull.
0
 
TamoozAuthor Commented:
Hi,

May be Microsoft have some little bit easy way to monitoring vpn connections in TMG?
You know, like in Astaro FW system. Why Microsoft can't configure for administrators so important service(report).
0
 
XaelianCommented:
Have you configured the VPN with TMG? Then you can use a build-in function of TMG. It has it, going to check the name on the TMG of a client of mine.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
XaelianCommented:
http://technet.microsoft.com/en-us/library/cc441589.aspx

You can take a look at this? We die it like this at a client.
0
 
TamoozAuthor Commented:
Yes, it's configured and working. I have reports from tmg and can see connected users in real time.
But i can't see connections i past, how many connections was in some user. How many traffic was used.
0
 
TamoozAuthor Commented:
0
 
XaelianCommented:
Ah Ok, I thought you wanted real life monitoring. You can enable logging on TMG and take a look at this.

If this does't contain all info you needed. You need to setup an advanced monitoringserver. The logging of TmG is good, but you can't see everything.
0
 
TamoozAuthor Commented:
The logging of TmG is good, but you can't see everything.
Yes, you are write.
So, how can i setup this advanced monitoring server?
0
 
XaelianCommented:
3rd party software. The only monitoringserver I use except build in windows is Cacti. I'll see if I can find something, you actually need a layer on top of TMG .

Cisco has such advanced logging, but then you need to configure the vpn on the cisco router.
0
 
TamoozAuthor Commented:
The only monitoringserver I use except build in windows is Cacti
Thanks, i will try this Cacti.

Cisco has such advanced logging, but then you need to configure the vpn on the cisco router.
I can configure vpn in my Astaro FW and use wonderful reports of Astaro, but vpn service in TMG working much better and faster.
0
 
XaelianCommented:
Oh you got an astaro firewall. Ok they got the same advanced logging as cisco. But yes, if you got a TMG, you better use it for better performance. Cacti is great, easy installable, but out of the box, it doesn't have a lot features. But you can extend it features with all sorts of plugins. That maken cacti imo the better open source monitoring server.
0
 
TamoozAuthor Commented:
may be you can recommend some other 3rd monitor application?
0
 
XaelianCommented:
0
 
TamoozAuthor Commented:
ok, thank you very much!

I have this :
Application usage log from my TMG 2010
How can i see witch computer use this "Zezebra.exe" ?
I can't find it in any log :( With 3rd program too.
Please HELP!
0
 
XaelianCommented:
Well, to achieve that, you need to install a bridge from your clients to the server. Otherwise no server application can know which programs are being used by who.
0
 
als315Commented:
You can try Internet Access monitor:
http://www.redline-software.com/eng/products/iam/internet-access-monitor-for-isa-server/
Trial version is available for testing
0
 
TamoozAuthor Commented:
You can try Internet Access monitor
You can't use they last version with Server 2008 R2 and TMG 2010.

you need to install a bridge from your clients to the server
Can you explain please ?
0
 
XaelianCommented:
With that I mean, you would need to install an application that monitors everything the client does. You can send every log to the syslog server ( http://www.intersectalliance.com/projects/EpilogWindows/index.html it has server + client tool ).

In the logs you can see who used the program. If you want to see it real time. That needs some googling, dunno if an application can do that.
0
 
als315Commented:
"You can't use they last version with Server 2008 R2 and TMG 2010." - I am using it with TMG 2010 and Server 2008 R2.
You can store log files only as plain text, if you like to use SQL as log storage, you will need surfcop
0
 
TamoozAuthor Commented:
I don't understand, you mean that i can see in TMG 2010 report some unknown application but i can't know anything else about this application? I can't know who is use this service?
It's stupid! So smart program (for network security) like Forefront TMG 2010 can't give to network administrator information about application usage?
I can't believe!!!
0
 
XaelianCommented:
Customize your report: http://technet.microsoft.com/en-us/library/cc984489.aspx

But TMG has some limitations (if you're running it at a big enterprise).

If you want to really know what the clients are doing, you should take a look at: http://www.webspy.com/products/vantage/default.aspx
0
 
TamoozAuthor Commented:
ok, i have a surfcop installed on TMG 2010 and in surfcop i have no information about applications.

I am using it with TMG 2010 and Server 2008 R2.
Sorry, you are write. I cant install ToolKit, Internet access monitor i can, but this application too not given to me the correct information about applications usage. This application is good for web access monitoring.

Thank you all for help!!!
0
 
als315Commented:
Samples from Internet Access monitor:
applications:
applicationsApplication-computer:
computers
0
 
TamoozAuthor Commented:
it's monitoring applications, but not all of them.
I can install this program now and create report from internet access monitor.
I'm add the report after that :)
0
 
als315Commented:
As I know, application should be known for ISA server. If you can see application in Traffic by application, you can see also application-computers in IAM. IAM do nothing with log files. If application name is here, you can see it. If no - sorry.
0
 
TamoozAuthor Commented:
Now i'm importing data from logs to IAM. After i will publish the results here.
0
 
TamoozAuthor Commented:
So, applications that IAM is found ( from tmg 2010 logs )
Applications in IAM
Log from TMG 2010 today
TMG 2010 Log
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 13
  • 10
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now