Solved

TMG 2010 Intrusion prevention system issue

Posted on 2014-10-21
Last Modified: 2014-11-22
Hi All,

I have a TMG 2010 located in the DMZ, and recently I found out that our internet access speed is getting slow. I just wonder, from the screenshot below, "Intrusion Prevention System" -> "Configure Flood Mitigation Settings": if I untick "Mitigate flood attacks and worm propagation", will that help to improve the internet speed?


Question by:piaakit
6 Comments
 
LVL 9

Expert Comment

by:David Carr
ID: 40395030
Is it unchecked now?
0
 

Author Comment

by:piaakit
ID: 40396063
Yes, it is unchecked now.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40405565
If you ask only about the setting above, I would say it depends...

But maybe you should have a look here; there are a lot of reasons why TMG may be slow...
http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows_Security/A_10766-Performance-Issues-on-Microsoft-TMG-and-UAG.html

Flood mitigation counts, more or less, the number of connections / second which are made from clients or from outside. If the limits are triggered, which is shown as a TMG alert, then it can have an impact on the perceived speed, up to a timeout. Flood mitigation should protect the server from external attacks as well as from unusually high traffic from inside to outside due to a virus outbreak.

Every protection mechanism has an overhead, but flood mitigation, which is part of more or less any firewall as well as the newer OSes, has a rather low impact, as it is just a local counter. As long as it is not triggered all the time by internal clients due to too restrictive settings (= a lot of alerts), the user should not feel a difference. If the limits are triggered, the connection is temporarily blocked and the user sees delays up to timeouts.

As this mechanism makes sense (as long as not covered by a forefront firewall), leave it enabled and make sure you don't get alerts for normal usage. Otherwise add your clients to the exceptions and define higher thresholds for them to avoid triggering the limits for internal clients.

If a frontend firewall handles flood mitigation, there is no need to have a second one behind it, but don't expect essential improvements as long as you don't see alerts.
0
 
LVL 9

Expert Comment

by:David Carr
ID: 40408833
If you have a frontend firewall in your configuration before the TMG servers and Flood mitigation is already unchecked, then that is not the problem. Have you had specific alerts or just user complaints about slowness?
0
 

Author Comment

by:piaakit
ID: 40425432
Noted, and one more question: does it allow exporting logs from the TMG server, such as traffic logs?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 40427449
> does it allow
What does "it" mean? TMG? Flood mitigation?

I would imagine you mean the TMG...
Yes, sure....
You can either set up TMG reporting under Logs & Reports - Reporting (the reports rely on the local SQL Server instances); after creation you get a web-based traffic analysis, which you can view directly from the directory that you have defined in the report definition, or by clicking on the link "View published report" inside the toolbox

or
you go to Logs & Reports - Logging; there you find, in the toolbox on the right side, the settings for the firewall and web proxy logging, where you can set them to write either into the local SQL Server instances or into a text file. If you write into a text file, you have to parse the text files for analysis yourself.
0
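An added example, not part of the original thread: one way to parse a firewall text log yourself and see which clients would trip a per-client connection limit, as discussed in the answers above. It assumes the log is written in W3C extended format (tab-separated, with a `#Fields:` header); the field names, the `Initiated Connection` action value, the per-minute window and the limit of 3 are assumptions for this constructed sample, so match them to your own log header and flood mitigation settings.

```python
from collections import Counter

# Constructed sample log; names and values are illustrative assumptions.
_rows = [
    f"2014-10-21\t09:00:{s:02d}\t10.0.0.15:{50000 + s}\t203.0.113.10:80\tInitiated Connection"
    for s in range(5)
]
_rows += [
    "2014-10-21\t09:00:07\t10.0.0.20:50100\t203.0.113.10:443\tInitiated Connection",
    "2014-10-21\t09:00:09\t10.0.0.20:50100\t203.0.113.10:443\tClosed Connection",
    "2014-10-21\t09:01:02\t10.0.0.15:50200\t203.0.113.10:80\tInitiated Connection",
]
SAMPLE_LOG = (
    "#Software: constructed sample\n"
    "#Fields: date\ttime\tsource\tdestination\taction\n"
    + "\n".join(_rows) + "\n"
)

def parse_w3c(text):
    """Yield one dict per record, named by the most recent #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def connections_per_minute(records, action="Initiated Connection"):
    """Count new connections per (client IP, date, HH:MM)."""
    counts = Counter()
    for rec in records:
        if rec.get("action") != action:
            continue
        src = rec["source"]
        # Accept "ip:port" or a bare IPv4 address in the source column.
        ip = src.rsplit(":", 1)[0] if src.count(":") == 1 else src
        counts[(ip, rec["date"], rec["time"][:5])] += 1
    return counts

def noisy_clients(counts, limit):
    """Return {client IP: peak connections per minute} for clients above limit."""
    peaks = {}
    for (ip, _date, _minute), n in counts.items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    return {ip: n for ip, n in peaks.items() if n > limit}

if __name__ == "__main__":
    print(noisy_clients(connections_per_minute(parse_w3c(SAMPLE_LOG)), limit=3))
```

Clients reported here during normal working hours are candidates for the exception list with higher thresholds; a client that appears only in bursts is worth checking for malware first.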

Question has a verified solution.
