Solved

TMG 2010 Intrusion prevention system issue

Posted on 2014-10-21
Last Modified: 2014-11-22
Hi All

I have a TMG 2010 located in the DMZ, and recently I found out that our internet access speed is getting slow. I just wonder, from the screenshot below ("Intrusion Prevention System" -> "Configure Flood Mitigation Settings"): if I untick "Mitigate flood attacks and worm propagation", will that help to improve the internet speed?


Question by:piaakit
6 Comments
 
LVL 9

Expert Comment

by:David Carr
ID: 40395030
Is it unchecked now?
0
 

Author Comment

by:piaakit
ID: 40396063
Yes, it is unchecked now.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40405565
If you are asking only about the setting above, I would say it depends...

But maybe you should have a look here; there are a lot of reasons why TMG may be slow...
http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows_Security/A_10766-Performance-Issues-on-Microsoft-TMG-and-UAG.html

Flood Mitigation more or less counts the number of connections per second that are made from clients or from outside. If the limits are triggered, which is shown as a TMG alert, then it can have an impact on the perceived speed, up to a timeout. Flood mitigation should protect the server from external attacks as well as from unusually high traffic from inside to outside due to a virus outbreak.

Every protection mechanism has an overhead, but flood mitigation, which is part of more or less any firewall as well as the newer OSes, has a rather low impact, as it is just a local counter. As long as it is not triggered all the time by internal clients due to too restrictive settings (= a lot of alerts), the user should not feel a difference. If the limits are triggered, the connection is temporarily blocked and the user sees delays up to timeouts.

As this mechanism makes sense (as long as it is not covered by a forefront firewall), leave it enabled and make sure you don't get alerts for normal usage. Otherwise, add your clients to the exceptions and define higher thresholds for them to avoid triggering the limits for internal clients.

If a frontend firewall handles flood mitigation, there is no need to have a second one behind it, but don't expect essential improvements as long as you don't see alerts.
0
 
LVL 9

Expert Comment

by:David Carr
ID: 40408833
If you have a frontend firewall in your configuration before the TMG servers and Flood mitigation is already unchecked, then that is not the problem. Have you had specific alerts or just user complaints about slowness?
0
 

Author Comment

by:piaakit
ID: 40425432
Noted, and one more question: does it allow exporting logs from the TMG server, such as traffic logs?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 2000 total points
ID: 40427449
> does it allow
What does "it" mean? TMG? Flood mitigation?

I would imagine you mean the TMG...
Yes, sure....
You can either set up the TMG reporting under Logs & Reports - Reporting (they rely on the local SQL Server instances); after creation you get a web-based traffic analysis, which you can view directly from the directory that you defined in the report definition, or click on the link in the toolbox, "View published report"

or
you go to Logs & Reports - Logging; there, in the toolbox on the right side, you find the settings for the firewall and web proxy logging, where you can choose to write either into the local SQL Server instances or into a text file. If you write into a text file, you have to parse the text files for analysis yourself.
0
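An added example (not part of any post in this thread): parsing a firewall log written to a text file and counting new connections per client per minute, to see which internal clients would hit a flood mitigation limit before tuning thresholds or exceptions. It assumes a tab-delimited W3C extended log with a `#Fields:` header; the field names `date`, `time`, `source`, `action`, the action value `Initiated Connection`, and the limit of 3 are assumptions for the constructed sample, so take the real names from your own log header and the limit from your Flood Mitigation settings.

```python
import io
from collections import Counter

def parse_w3c(stream):
    """Yield one dict per record, keyed by the names in the #Fields: header."""
    fields = []
    for line in stream:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):      # skip truncated rows
                yield dict(zip(fields, values))

def connects_per_minute(records, action="Initiated Connection"):
    """Count new connections per (client IP, minute); `action` value is assumed."""
    counts = Counter()
    for r in records:
        if r.get("action") != action:
            continue
        client = r["source"].rsplit(":", 1)[0]  # "ip:port" -> "ip"
        minute = r["date"] + " " + r["time"][:5]
        counts[(client, minute)] += 1
    return counts

def clients_over_limit(counts, limit):
    """Peak per-minute count of each client whose peak exceeds `limit`."""
    peaks = {}
    for (client, _minute), n in counts.items():
        peaks[client] = max(peaks.get(client, 0), n)
    return {c: n for c, n in peaks.items() if n > limit}

# Constructed sample log; field names and values are assumptions.
def _row(t, src, action):
    return "\t".join(["2014-10-21", t, src, "203.0.113.10:80", action])

SAMPLE_LOG = "\n".join(
    ["#Software: constructed sample",
     "#Fields: date\ttime\tsource\tdestination\taction"]
    + [_row("09:00:%02d" % s, "10.0.0.5:%d" % (50000 + s), "Initiated Connection") for s in range(5)]
    + [_row("09:00:30", "10.0.0.5:50000", "Closed Connection")]
    + [_row("09:01:%02d" % s, "10.0.0.5:%d" % (50100 + s), "Initiated Connection") for s in range(2)]
    + [_row("09:00:%02d" % s, "10.0.0.9:%d" % (51000 + s), "Initiated Connection") for s in range(2)]
    + ["2014-10-21\t09:02:00\t10.0.0.9:51002"]  # truncated row, skipped by the parser
)

if __name__ == "__main__":
    counts = connects_per_minute(parse_w3c(io.StringIO(SAMPLE_LOG)))
    print(clients_over_limit(counts, limit=3))
```

Clients that show up here during normal usage are the candidates for the exceptions list with higher thresholds; a client that appears only during an incident is what the limit is meant to catch.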


Question has a verified solution.
