Solved

TMG 2010 Intrusion prevention system issue

Posted on 2014-10-21
Last Modified: 2014-11-22
Hi All

I have a TMG 2010 located in the DMZ, and recently I found out that our internet access speed is getting slow. I just wonder, from the screenshot below, "Intrusion Prevention System" -> "Configure Flood Mitigation Settings": if I untick "Mitigate flood attacks and worm propagation", will that help to improve the internet speed?


Question by:piaakit
6 Comments
 
LVL 9

Expert Comment

by:David Carr
ID: 40395030
Is it unchecked now?
0
 

Author Comment

by:piaakit
ID: 40396063
Yes, it is unchecked now.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40405565
If you ask only for the setting above, I would say, it depends...

But maybe you should have a look here, there are a lot of reasons, why TMG may be slow...
http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows_Security/A_10766-Performance-Issues-on-Microsoft-TMG-and-UAG.html

Flood Mitigation more or less counts the number of connections / second which are made from clients or from outside. If the limits are triggered, which is shown as a TMG alert, then it can have an impact on the felt speed, up to a timeout. Flood mitigation should protect the server from external attacks as well as from unusually high traffic from inside to outside due to a virus breakout.

Every protection mechanism has an overhead, but flood mitigation, which is part of more or less any firewall as well as the newer OS, has more of a lower impact, as it is just a local counter. As long as it is not triggered all the time by internal clients due to too restrictive settings (= a lot of alerts), the user should not feel a difference. If the limits are triggered, the connection is temporarily blocked and the user sees delays up to timeouts.

As this mechanism makes sense (as long as not covered by a forefront firewall), leave it enabled and make sure you don't get alerts for normal usage. Otherwise add your clients to the exceptions and define higher thresholds for them to avoid triggering the limits for internal clients.

If a frontend firewall handles flood mitigation, there is no need to have a second one behind it, but don't expect essential improvements as long as you don't see alerts.
0

 
LVL 9

Expert Comment

by:David Carr
ID: 40408833
If you have a frontend firewall in your configuration before the TMG servers and Flood mitigation is already unchecked, then that is not the problem. Have you had specific alerts or just user complaints about slowness?
0
 

Author Comment

by:piaakit
ID: 40425432
Noted, and one more question: does it allow exporting logs from the TMG server, such as traffic logs?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 40427449
> does it allows
What does "it" mean? TMG? Flood mitigation?

I would imagine you mean the TMG...
Yes sure....
You can either set up the TMG reporting under Logs & Reports - Reporting (the reports rely on the local SQL Server instances); after creation you get a web-based traffic analysis, which you can view directly from the directory that you have defined in the report definition, or by clicking on the link "View published report" inside the toolbox

or
you go to Logs & Reports - Logging; there you find, in the toolbox on the right side, the settings for the firewall and web proxy logging, where you can choose to write either into the local SQL Server instances or into a text file. If you write into a txt file, you have to parse the txt files for analysis yourself.
0
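
An added example, not part of the thread or of any TMG tooling: one way to parse a text-file firewall log and find which clients open enough connections to trip flood mitigation limits, so exceptions or thresholds can be set from real data. It assumes a tab-delimited log with a `#Fields:` header; the column names (`date`, `time`, `source`, `action`), the `Establish` action value, the per-minute bucket and the sample rows are all constructed assumptions to adapt to your own log.

```python
from collections import Counter

# Constructed sample log. Column names and action values are assumptions;
# match them to the "#Fields:" line of your own exported log file.
SAMPLE_LOG = (
    "#Software: constructed sample\n"
    "#Fields: date\ttime\tsource\tdestination\taction\n"
    + "".join(f"2014-11-01\t09:00:0{i}\t10.0.0.5:5000{i}\t203.0.113.10:80\tEstablish\n"
              for i in range(4))
    + "2014-11-01\t09:01:00\t10.0.0.5:50009\t203.0.113.10:80\tEstablish\n"
    + "2014-11-01\t09:00:30\t10.0.0.7:50100\t203.0.113.20:443\tEstablish\n"
    + "2014-11-01\t09:00:31\t10.0.0.7:50101\t203.0.113.20:443\tDenied\n"
    + "truncated row\n"
)

def connections_per_minute(lines, src_col="source", action_col="action",
                           action="Establish"):
    """Count new connections per (client IP, 'YYYY-MM-DD HH:MM') bucket."""
    fields, counts = None, Counter()
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            # Column layout comes from the log itself, not from this script.
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, values))
        if row.get(action_col) != action:
            continue  # only count connection attempts that were established
        client = row[src_col].partition(":")[0]  # drop ":port" (IPv4 assumed)
        counts[(client, f"{row['date']} {row['time'][:5]}")] += 1
    return counts

def noisy_clients(counts, limit):
    """Return {client: peak connections in one minute} for peaks above limit."""
    peaks = {}
    for (client, _minute), n in counts.items():
        peaks[client] = max(n, peaks.get(client, 0))
    return {c: n for c, n in peaks.items() if n > limit}

if __name__ == "__main__":
    per_minute = connections_per_minute(SAMPLE_LOG.splitlines())
    # limit=3 is a placeholder; use the value configured in flood mitigation.
    print(noisy_clients(per_minute, limit=3))
```

Clients reported here are the candidates for the exceptions list with higher thresholds; a client that is unexpectedly at the top is worth checking for malware before it is exempted.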


Question has a verified solution.
