Channel: Forefront TMG and ISA Server forum

TMG logging: client ip OR destination ip equal...?


Hello

How do I log traffic TO and FROM a client, e.g. 192.168.2.10, in the live Logs and Reports?

(one of the times I feel stupid asking)



Publishing OWA and FTP


Hi there,

I have installed Forefront UAG 2010 on a Windows 2008 server with 1 NIC for both external and internal. My server is in the DMZ.

Can you please help me publish Exchange OWA and FTP with this setup?

Thanks

Javed

TMG Proxy Authentication Issue


Hi

I am facing an issue with TMG proxy.

Sometimes it prompts for user credentials. Even after giving the correct credentials, it prompts for the credentials again and again. After restarting the TMG proxy server it works fine. This happens once a day or once every two days. Today the issue was resolved without restarting the server.

Why is this issue occurring? Please suggest how to resolve it.

 

Route between two branch offices via IPsec VPN to head office


I have TMG 2010 running on Server 2008 R2 in our head office, with 2 branch offices connecting in using DrayTek 2930 routers with IPsec site-to-site VPNs. The remote sites can route between the head office network and vice versa with no issues. I would like to enable the branch offices to route between each other.

Head Office is on 192.168.100.0/24 DG 192.168.100.254 (internal TMG NIC)

Branch office A is on 192.168.7.0/24 DG 192.168.7.1

Branch office B is on 192.168.0.0/24 DG 192.168.0.1

On the routers at the branch offices I have added the other subnets to the routing table to route via the VPN.

On TMG, network and firewall rules allow traffic between all networks listed above, and the traffic simulator reports allowed packets.

When pinging from one branch network to the other, TMG reports the packet as allowed from source network to destination network correctly; however, pings fail. RDP is the same.

Google Remote Desktop - Forefront TMG


Hello!

I am wondering if anyone knows how to configure Forefront TMG to be able to use Google Remote Protocol from outside of our network. If I connect from a tablet to a PC, both inside the same network, it works, but if the PC is behind Forefront and the tablet is connected to some other network (my home, ...), I cannot connect to my PC.

Does anyone use Chrome Remote Desktop and know how to do that?

WMI to TMG


Hey,

We've recently implemented VAMT 3.1 and this is working well, except for our TMG servers. The VAMT error message is 'Unable to connect to the WMI service on the remote computer'.

Presumably TMG is set to block this to itself out of the box, so I went through the process of disabling strict RPC compliance in the system policy and creating a rule allowing WMI to Local Host, but it still doesn't work.

Is there any guidance on setting up WMI from VAMT to TMG? One of our TMG servers is in a remote site (TMG to TMG site-to-site VPN), so I'll need access to that one too.

Thanks.


Error Code: 500 Internal Server Error. The certificate is revoked. TMG 2010 Publishing with CA Client Auth


Hello,

I have published a couple of sites through TMG 2010 to the outside world.

They are published through HTTPS, with the listener activated for only Certificate Client Authentication. When I test the sites on my Windows 7 Pro, my iPad (iOS 7) or whatever, it works fine. When I try it on my Windows Phone 8.1 (WP8.1), TMG gives an error...

Error code 500 internal server error. The certificate is revoked. (-2146885616)

My WP8.1 is version 8.10.12393.890 and should support the user certificate.

The same certificate is used for ActiveSync on the same phone and works like a charm. This was also the case with WP8, but the browser did not support the user certificate. Now it does, I believe: http://msdn.microsoft.com/en-us/library/dn643705.aspx

Perry

replication problem tmg

Delay in the application of certain powers to users

When you activate some of the powers of the Internet for some users, it takes some time, exceeding 20 minutes.
What's the cause of this problem?

When you add a new user into the TMG by Active Directory sometimes when you search for a domain to choose a new user does not have to be> only domain selection of the TMG surfer

Q: How to block a server?


How do I block a single server IP from doing anything through TMG, both incoming and outgoing, including TCP, UDP, ICMP, etc.?

I know I can drill through all the rules where I see it belongs, but in practice that is not an option if I need it done quickly.

It should act almost as if I had disabled the network card.

/edit

I did try to find the "All Traffic" protocol defined in the Default Rule, but couldn't.

SCCM 2012 Client Installation


When I am pushing the client installation, I am getting the error below on a few computers:

Unable to connect to WMI on remote machine "PC161", error = 0x800706ba.

Please find the full error report below. I am able to access the admin share, but the client installation is not happening.

---> Attempting to connect to administrative share '\\PC161\admin$' using account 'DCD\Administrator'  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
---> The 'best-shot' account has now succeeded 677 times and failed 377 times.  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
---> Connected to administrative share on machine PC161 using account 'DCD\Administrator'  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
---> Attempting to make IPC connection to share <\\PC161\IPC$>  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
---> Searching for SMSClientInstall.* under '\\PC161\admin$\'  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
---> Unable to connect to WMI on remote machine "PC161", error = 0x800706ba.  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
---> Deleting SMS Client Install Lock File '\\PC161\admin$\SMSClientInstall.CVD'  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
Execute query exec [sp_CP_SetLastErrorCode] 2097152199, -2147023174  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
Stored request "2097152199", machine name "PC161", in queue "Retry".  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152199, 2  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
Execute query exec [sp_CP_SetLatest] 2097152199, N'06/25/2014 07:19:13', 74  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)
<======End request: "2097152199", machine name: "PC161".  SMS_CLIENT_CONFIG_MANAGER  6/25/2014 11:19:13 AM  13240 (0x33B8)


Problem configuring TMG 2010 with a single network adapter


I have a Server 2008 R2 machine, with domain xxx.local, that has about 15 users. I needed to install TMG 2010, but I figured out that I can't now, because TMG is not supported on a domain controller. So I decided to buy another server, installed Server 2008 R2, and joined it to xxx.local. Now I have installed TMG 2010 here and want to configure it to create access allow/deny rules for the users. What should I do now? I created an access rule, but it didn't affect the users. Maybe I need to configure some proxy settings, I don't know what.

It's my first experience with TMG 2010 and I don't know what to do!
Need some help!



Alternative to TMG2010 for IPsec Tunnels


Hey guys,

I recently got a request to change the key exchange lifetime for one of our IPsec tunnels. This led me to the conclusion that such a change is not possible with TMG / Windows Advanced Firewall, because I would need to change this value as a default value for all connections!?

Now I am a little bit clueless because since migrating to TMG2010 we used WinAdvFW in addition to TMG (yes this works perfectly with our setup :) ), but such a change is imho not possible with this setup.

Do you have any alternative solutions for managing multiple IPsec tunnels (30+) with completely different parameters such as key exchange lifetime, shared secrets, certificates and so on, connection based?

Thanks for every hint :)

Best regards

Work around for Error 64 "The specified network name is no longer available"?


One of my users is trying to download a CSV file from a site called Finlistics, a search service that provides information about businesses, similar to D&B Hoovers.

Anyway, she can set her search criteria and view the results on the page, but when she clicks to download the information to a CSV file, another page loads with the ISA Server error 64 message "The specified network name is no longer available."

It doesn't matter what computer she uses, or who is the logged on user, if the computer is behind the ISA Server the download fails with Error 64.

If she tries the same search from outside our protected network she is able to successfully download the file.

We use ISA Server 2006. EnablePMTUDiscovery is already set to 1. In any event there really isn't anything between the ISA Server and the TWC fiber mux in the basement.

So my question is, is there a hammer approach fix for this? I know it is probably the destination server resetting the connection that is causing the problem, but can I make ISA ignore the reset, thereby allowing the user to download the file??

Thank you


Manning

ForeFront TMG and Sharepoint 2010 with SQL Integrated Reporting services ReportBuilder 403 error.


Hello,

We have SharePoint 2010 with SQL 2008 R2 Reporting Services integrated with SharePoint. We also have a Forefront TMG firewall for external users. Internally, users are able to access SharePoint, download the ReportBuilder application and launch it without issue. External users are able to log in and access the site; the problem comes when they click "New/Reportbuilder report" from the Documents/New Document drop-down menu. The Forefront TMG box is in the DMZ, is not a member of the domain, and is using LDAP to authenticate external SharePoint users. We really need to allow external users to launch Report Builder without the use of VPN.

Thanks.



Dumb Question - Traceroute through TMG


Hi Folks;

For a long time now something about my TMG 2010 install has bugged me: whenever I do a traceroute, the firewall never shows up in the list, i.e.:

C:\>tracert ibm.com

Tracing route to ibm.com [129.42.38.1]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2    24 ms    11 ms    28 ms  x.x.x
  3    25 ms    12 ms    10 ms  x.x.x
  4    15 ms    16 ms    26 ms  x.x.x
  5    20 ms    19 ms    36 ms  x.x.x
  6    29 ms    36 ms    31 ms  x.x.x

So, the first hop should be my firewall but it never shows up.

As a guess, I created a rule for ICMP from internal to all networks (and local host) but that didn't fix it.

It's not a big deal but it would be nice if the first hop (the tmg 2010 machine) actually showed up.

This is the log file showing all denied requests from that traceroute machine:

UDP 60133 Firewall   192.168.1.1 0xc0040050 FWX_E_TCPIP_DROP_IP_NOT_LOCALLY_DESTINED 239.255.255.250
ICMP 2048 Firewall   192.168.1.1 0xc004005a FWX_E_TCPIP_DROP_IP_HOP_LIMIT_EXCEEDED 129.42.38.1 External 0 PING Denied Connection
ICMP 2048 Firewall   192.168.1.1 0xc004005a FWX_E_TCPIP_DROP_IP_HOP_LIMIT_EXCEEDED 129.42.38.1 External 0 PING Denied Connection
ICMP 2048 Firewall   192.168.1.1 0xc004005a FWX_E_TCPIP_DROP_IP_HOP_LIMIT_EXCEEDED 129.42.38.1 External 0 PING Denied Connection


Error the service FWSRV of TMG 2010 on Windows server 2008 R2 Enterprise


Please help me with an issue with TMG 2010:

My company installed TMG 2010 on Windows Server 2008 R2 Enterprise, but this error occurs: " Due to an unexpected error, the service fwsrv stopped responding to all requests. Stop the service or the corresponding process if it does not respond, and then start it again. Check for related error messages."

and " The Firewall service stopped because an application filter module C:\Windows\SYSTEM32\ntdll.dll generated an exception code C0000005 in address 0000000077A72F86 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service."

I have reinstalled, but the error appears again. My company has about 2000 clients accessing through TMG 2010.

I have tried updating Windows and TMG to the latest versions but could not solve this issue.

I hope everyone can help me as soon as possible. Thank you so much.


TMG-2010 Problems with Malware Inspection


Hi @all,

We are currently testing the Malware Inspection feature on TMG 2010 (7.0.9193.515) and I have come across some difficulties.

Some downloads are slow. I tested it with this link: http://support.ts.fujitsu.com/Download/Showdescription.asp?SoftwareGUID=18A38D91-7AD3-4C45-97F9-9A3F9A645A76 . It's a server monitoring software from Fujitsu. When I enable Standard Trickling as the Content Delivery Method, the download takes about 11 minutes. Without Malware Inspection on the TMG it takes about 6 minutes. So that's OK. When I enable Fast Trickling, the download lasts over one hour. Performance shows about 25% CPU usage and about 2 GB of RAM (the server has 4 GB). The client is Windows 7 with IE8 and the TMG as proxy server. DNS servers are only configured on the LAN interface on TMG. The scan folder is not located on the system drive.

Another issue is that some files are recognized as encrypted and blocked, although they are not. And sometimes after a few tries the file is downloaded. Here are some examples: http://mirrors.igsobe.com/ubcd/ubcd511.iso and http://ftp.beratungstechnologie.de/Sonstiges/Msp/2_patchRepairMsi.msp .

If you need more details, I'll write them.

Thanks in advance, Benny


ISA problem with SSL web-publication


Hello colleagues.

I have a resource: https://site4.domain.ru:9510/pmpsvc and on the LAN the resource works fine:
http://imgur.com/2cQ6vlF

I published it through an ISA 2006 server, but the publication does not work:
http://imgur.com/QKsJXK1

For publication I created 2 rules on the ISA server:
Rule 1 for SSL port 9510 (on top):
From: Anywhere
To: site4.domain.ru
Traffic: HTTPS
Listener:
http://imgur.com/eQdCECp
http://imgur.com/R4Dni9a
http://imgur.com/LkWKbuw
Publish name: site4.domain.ru
Path: http://imgur.com/mQYGR8g
Authentication Delegation: No delegation, and client cannot authenticate directly
Bridging: http://imgur.com/LyYtpKx
Users: All Users

Rule 2 (lower):
From: Anywhere
To: site4.domain.ru
Traffic: HTTP and HTTPS
Listener:
http://imgur.com/JypyjzS
http://imgur.com/7Nskg1D
http://imgur.com/UHEdI6Q
Publish name: site4.domain.ru
Path: http://imgur.com/mQYGR8g
Authentication Delegation: http://imgur.com/lzArrI1
Bridging: http://imgur.com/73vj7zE
Users: All Authenticated Users

I don't understand where the problem is. Maybe someone has solved a similar problem?

Thanks.

Limit Web Access For Some Users At Certain Times

We need to limit internet access (HTTP and HTTPS) for some users except at certain times of the day. We created a web access rule to deny access only for those users. The problem is that access is denied for ALL users whenever the rule is enabled, so the rule is working, but it isn't limited to the specified users. It doesn't seem to matter how the scheduling option is configured. Any suggestions would be appreciated.

TMG 2010 with Intervlan Routing Setting


Dear All,

I have a problem with my network environment when I build inter-VLAN routing with a Cisco L3 switch and TMG 2010 as a gateway to the Internet. I have some VLANs for the internal network, and the L3 switch does the routing.

When I add a default gateway config on the L3 switch to the internal NIC of TMG, the internet doesn't work. But if I don't set the L3 switch gateway to the internal NIC of TMG, internet connections work.

I have configured a route on TMG to my internal network, and all VLANs can be reached from TMG.

This is my topology:

VLAN >> L3Switch (Routing) >> TMG2010 >> Firewall PFsense >> Internet

Is it possible to add a default gateway from the L3 switch to TMG 2010?

