• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 226
  • Last Modified:

TMG 2010 Intrusion prevention system issue

Hi All

           I have a TMG 2010 located in DMZ, and recently i find out that our internet access speed is getting slow, and just wonder from below screenshot "intrusion prevention system"->  "configure flood mitigation settings" , if i have untick "Mitgate flood attacks and worm propagation", will that help to improve on the internet speed ?


1

2
0
piaakit
Asked:
piaakit
  • 2
  • 2
  • 2
1 Solution
 
David CarrCommented:
Is it unchecked now?
0
 
piaakitAuthor Commented:
yes it is uncheck now
0
 
BembiCEOCommented:
If you ask only for the setting above, I would say, it depends...

But maybe you should have a look here, there are a lot of reasons, why TMG may be slow...
http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows_Security/A_10766-Performance-Issues-on-Microsoft-TMG-and-UAG.html

Flood Mitigation counts more or less some the number of connections / second, which are made from clients or from outside. If the limits are triggered, what is shown as an TMG alert, then it can have an impact to the feeled speed up to an timeout. Flood mitigation should prevent the server from external attacks as well as from unsual high traffic from inside to outside due to a virus breackout.

Every protection mechanism has an overhead, but for flood mitigation, what is part of more or less any firewall as well as the newer OS has more an lower impact, as it is just a local counter. As long as it is not all the time triggered by internal clients due to too restrictive settings (= a lot of alerts), the user should not feel a difference. If the limits are triggered, the connectional is temporarly blocked and the user sees delays until timeouts.

As this mechanism makes sense (as long as not covered by a forefront firewall), leave it enabled and make sure, you don't get alerts for normal usage. Otherwise add your clients to exceptions and define higher thresholds for them to avoid to trigger the limits for internal clients.

If a frontend firewall handled flood mitigation, there is no need to have a second one behind it, but don't expect essential improvements as long as you don't see alerts.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
David CarrCommented:
If you have a frontend firewall in your configuration before the TMG servers and Flood mitigation is already unchecked, then that is not the problem. Have you had specific alerts or just user complaints about slowness?
0
 
piaakitAuthor Commented:
noted, and one more question, does it allows to export log from TMG server, such as traffic logs ?
0
 
BembiCEOCommented:
> does it allows
What means "it"? TMG? Flood mitigation?

I would imagine you mean the TMG...
Yes sure....
You can either setup the TMG reporting under Logs & Reports - Reporting (they rely on the local SQL Server instances), after creation you get a web based traffic analysis, which you can view directly from the directory, what you have defined in the report definition or click on the links inside the toolbox "View published report"

or
you go to Logs & Reports - Logging, there you find in the tool box on the right side the settings for the firewall and web proxy logging, where you can set to write either into the local SQL server instances or into a text file. If you write into a txt file, you have to parse the txt files for analysis yourself.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now