eG Monitoring
 

Measures reported by FTMGProxyTest

Forefront TMG application filters provide an extra layer of security at the Microsoft Firewall service. Application filters can access the data stream or datagrams associated with a session within the Firewall service. Application filters are registered with the Firewall service and work with some or all of the application-level protocol streams or datagrams. An application filter can perform protocol-specific or system-specific tasks, such as authentication and virus checking. Some of the application filters provided with the Forefront TMG are:

  • DNS filter
  • FTP access filter
  • H.323 filter
  • Intrusion detection filters
  • RPC filter
  • SIP Access Filter
  • SMTP filter
  • SOCKS filter
  • TFTP Access Filter
  • Streaming media application filters
  • Web Proxy filter

Web Proxy Filter works at the application level on behalf of a client requesting Web-based traffic. Although you cannot disable this filter, you can configure whether the filter applies to specific protocols. By default, it is applied to the Hypertext Transfer Protocol (HTTP), which is configured as follows:

  • Direction is Outbound.
  • Protocol Type is TCP.
  • Port is 80.

When Web Proxy Filter is enabled for a protocol, that protocol can use the following features, if applicable:

  • Authentication.
  • HTTP filtering.

By closely monitoring the Web Proxy filter of the Forefront TMG, you can identify the rate of data transmission, the time taken to service a request from a web proxy client, and the number of active web proxy sessions. Additionally, you can identify the rate of data transmission to the web proxy clients, the active sessions, the rate at which sessions are serviced by the thread pools, and the requests rejected by the thread pools. The FTMGProxyTest test helps you identify exactly this. This way, administrators can keep track of the data passing through the Web Proxy filter and be alerted periodically when there is a potential bottleneck or risk in the data transferred.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| ArrByteReceived | Indicates the rate at which data is received from the computers protected by the Forefront TMG within the same array. | KB/Sec | The performance of the Forefront TMG is affected when the scanned email messages are too lengthy in terms of size and attachments. |
| ArrByteSent | Indicates the rate at which data is sent from the computers protected by the Forefront TMG within the same array. | KB/Sec | |
| ArrByteTotal | Indicates the rate at which data transmission takes place in the computers protected by the Forefront TMG within the same array. | KB/Sec | This measure is the sum of the ArrByteReceived and ArrByteSent measures. |
| AvgReq | Indicates the time taken to service a web proxy client request. | Secs | The value of this measure does not include the time taken for servicing requests by the SSL tunnel. A high value for this measure indicates that the firewall is having difficulty handling the requests, which clearly indicates that the firewall is currently overloaded. |
| AvgReqSpeed | Indicates the rate at which requests are serviced during the last measurement period. | KB/Sec | The value of this measure does not include the time taken for servicing requests by the SSL tunnel. A high value for this measure indicates that the firewall is having difficulty handling the requests, which clearly indicates that the firewall is currently overloaded. |
| ActWeb | Indicates the number of web proxy sessions that are currently active. | KB/Sec | The web proxy sessions can either be from different clients or from a client with a single IP address where authentication of the client does not take place. |
| ByteFromCache | Indicates the total number of bytes that are serviced from the cache in response to HTTP requests containing range headers. | KB | |
| ByteServed | Indicates the total number of bytes that are returned in response to HTTP requests containing range headers during the last measurement period. | KB | |
| CacheHit | Indicates the percentage of the web proxy client requests to the Forefront TMG that were successfully serviced by the cache. | KB | A high value is desired for this measure, and a high value generally indicates that the response time for each service is faster. A value of zero for this measure indicates that the caching capability is not enabled. A low value for this measure generally indicates that either the size of the cache is too small or the requests are not available in the cache. |
| ClientByteReceived | Indicates the rate at which data is received from the web proxy clients. | KB/Sec | A high value is desired for this measure. A consistently low value of this measure clearly indicates that the servicing of the requests is considerably delayed. |
| ClientByteSent | Indicates the rate at which data is sent to the web proxy clients. | KB/Sec | A high value is desired for this measure. A consistently low value of this measure clearly indicates that the servicing of the requests is considerably delayed. |
| ClientByteTotal | Indicates the overall rate of data transmission between the Forefront TMG and the web proxy clients. | KB/Sec | This measure is the sum of the ClientByteReceived and the ClientByteSent measures. |
| FailureReq | Indicates the percentage of requests that failed. | Percent | |
| AvgReqRate | Indicates the rate at which the web proxy requests were processed. | KB/Sec | This measure takes into account only the HTTPS traffic that is inspected by the Forefront TMG. |
| CurComRatio | Indicates the ratio of the compressed HTTP response body size to that of the uncompressed body size, expressed in terms of percent during the last measurement period. | Percent | This measure takes into account the HTTP responses that are compressed by the Forefront TMG alone. |
| ReqFromArrMember | Indicates the ratio of the requests received from another member of the array to the total number of requests that failed during the last measurement period. | Percent | |
| ReqToArrMember | Indicates the ratio of the requests sent to another member of the array to the total number of requests that failed during the last measurement period. | Percent | |
| UnknownSSL | Indicates the total number of unknown SSL sessions that were serviced by the SSL tunnel. | Number | |
| ConnectErrors | Indicates the ratio of the errors that occurred while connecting to the total number of failed requests, expressed as percent during the last measurement period. | Percent | |
| HttpReq | Indicates the total number of HTTP requests made to the Forefront TMG since the start of the firewall service. | Number | |
| HttpsReq | Indicates the total number of secured HTTPS sessions that were serviced by the SSL tunnel. | Number | |
| outConn | Indicates the rate of outgoing connections that are made from the Forefront TMG. | Connections/sec | |
| InConn | Indicates the rate of incoming connections that are made to the Forefront TMG. | Connections/sec | |
| Request | Indicates the rate of incoming requests that were made to the web proxy. | Connections/sec | A higher value indicates that the Forefront TMG would require more resources to service all the incoming requests. This measure is a clear indicator of the Forefront TMG's load handling ability. |
| RevBytes | Indicates the overall rate of data transmitted between the Web proxy and the web publishing servers in response to the incoming requests. | KB/Sec | |
| ThreadAct | Indicates the rate at which active sessions are currently serviced by the thread pools. | KB/Sec | A high value is desired for this measure. |
| WebProxy | Indicates the number of items that are currently waiting in the web proxy authentication queue. | Number | |
| ComReduction | Indicates the number of items that are currently waiting in the web proxy authentication queue. | Number | |
| FTPreq | Indicates the number of File Transfer Protocol (FTP) requests that were made to the web proxy. | Number | A low value for this measure is an indication of a poor caching policy for FTP objects. Try altering the caching policy to get better results. |
| ThreadPool | Indicates the number of requests that were rejected due to the thread pool being full. | Number | |