TMG 2010 Intrusion prevention system issue

Posted on 2014-10-21
Last Modified: 2014-11-22
Hi All

           I have a TMG 2010 located in DMZ, and recently i find out that our internet access speed is getting slow, and just wonder from below screenshot "intrusion prevention system"->  "configure flood mitigation settings" , if i have untick "Mitgate flood attacks and worm propagation", will that help to improve on the internet speed ?


Question by:piaakit
  • 2
  • 2
  • 2

Expert Comment

by:David Carr
ID: 40395030
Is it unchecked now?

Author Comment

ID: 40396063
yes it is uncheck now
LVL 35

Expert Comment

ID: 40405565
If you ask only for the setting above, I would say, it depends...

But maybe you should have a look here, there are a lot of reasons, why TMG may be slow...

Flood Mitigation counts more or less some the number of connections / second, which are made from clients or from outside. If the limits are triggered, what is shown as an TMG alert, then it can have an impact to the feeled speed up to an timeout. Flood mitigation should prevent the server from external attacks as well as from unsual high traffic from inside to outside due to a virus breackout.

Every protection mechanism has an overhead, but for flood mitigation, what is part of more or less any firewall as well as the newer OS has more an lower impact, as it is just a local counter. As long as it is not all the time triggered by internal clients due to too restrictive settings (= a lot of alerts), the user should not feel a difference. If the limits are triggered, the connectional is temporarly blocked and the user sees delays until timeouts.

As this mechanism makes sense (as long as not covered by a forefront firewall), leave it enabled and make sure, you don't get alerts for normal usage. Otherwise add your clients to exceptions and define higher thresholds for them to avoid to trigger the limits for internal clients.

If a frontend firewall handled flood mitigation, there is no need to have a second one behind it, but don't expect essential improvements as long as you don't see alerts.
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!


Expert Comment

by:David Carr
ID: 40408833
If you have a frontend firewall in your configuration before the TMG servers and Flood mitigation is already unchecked, then that is not the problem. Have you had specific alerts or just user complaints about slowness?

Author Comment

ID: 40425432
noted, and one more question, does it allows to export log from TMG server, such as traffic logs ?
LVL 35

Accepted Solution

Bembi earned 500 total points
ID: 40427449
> does it allows
What means "it"? TMG? Flood mitigation?

I would imagine you mean the TMG...
Yes sure....
You can either setup the TMG reporting under Logs & Reports - Reporting (they rely on the local SQL Server instances), after creation you get a web based traffic analysis, which you can view directly from the directory, what you have defined in the report definition or click on the links inside the toolbox "View published report"

you go to Logs & Reports - Logging, there you find in the tool box on the right side the settings for the firewall and web proxy logging, where you can set to write either into the local SQL server instances or into a text file. If you write into a txt file, you have to parse the txt files for analysis yourself.

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ISA 2006 Server question 3 510
Publishing Exchange HT-CAS 2007 with Threat Management Gateway 2010 ? 10 436
Looking for a Proxy Server 3 257
Managing ForeFront Endpoint with SCCM2012 4 1,189
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question