Forefront TMG Socks Filter Test

Socket Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded. Forefront TMG can act as a SOCKS server or a SOCKS proxy. The SOCKS filter provided with Forefront TMG forwards requests from SOCKS applications to the Microsoft Firewall service. Forefront TMG checks the access policy rules to determine if the SOCKS client application can communicate with the Internet.

To understand how well the Forefront TMG filters and processes requests from SOCKS applications, use the Forefront TMG Socks Filter test. With the help of this test, you can identify the number of active connections and sessions that are connected using the SOCKS protocol and the rate at which data is read from and written to the client. In addition, this test reveals the rate of pending DNS resolutions and those DNS resolutions that were successful.

Target of the test: A Forefront TMG Server

Agent deploying the test: An internal agent

Outputs of the test: One set of results for the Forefront TMG that is to be monitored.

Configurable parameters for the test
| Parameter | Description |
|---|---|
| Test Period | How often should the test be executed. |
| Host | The IP address of the host for which this test is to be configured. |
| Port | The port at which the specified host listens. By default, this is 1745. |
| IsPassive | If this parameter is set to Yes, then it means that, by default, all the Forefront TMG servers being monitored by the eG system are the passive servers of a Forefront TMG cluster. No alerts will be generated if the servers are not running. Measures will be reported as “Not applicable” by the agent if the servers are not up. |

Measurements made by the test
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Active connections | Indicates the total number of active connections (connected through SOCKS protocol) that are currently passing data through this firewall. | Connections/sec | The value of this measure is incremented by one for each successfully established SOCKS connection and decremented by one if the SOCKS connection is terminated. |
| Active sessions | Indicates the total number of active sessions that are connected through SOCKS protocol. | Sessions/sec | This is a good indicator of the load imposed on the firewall by the SOCKS sessions. |
| Data read rate | Indicates the rate at which data is read from the client by the server when the connections are established through SOCKS protocol. | KB/sec | |
| Data write rate | Indicates the rate at which data is written to the client by the server when the connections are established through SOCKS protocol. | KB/sec | |
| Connecting connections | Indicates the number of connections that are currently waiting for a remote computer to connect to using the SOCKS protocol. | Connections/sec | |
| Listening connections | Indicates the rate at which the SOCKS filter listens for an incoming connection on a specified port, when a BIND command is issued to the SOCKS filter by a client. | Connections/sec | |
| Pending DNS resolutions | Indicates the number of Winsock getaddrinfo() requests that are currently pending per second. | Connections/Sec | A low value is desired for this measure. These requests resolve host DNS names and IP addresses for SOCKS connections. |
| Successful DNS resolutions | Indicates the number of DNS resolution requests made using SOCKS protocol that are currently resolved per second. | Connections/Sec | A high value is desired for this measure. |
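
To relate the measures above to what a SOCKS client actually sends, the following added example (not part of the original page or of the eG or Forefront TMG products) parses a SOCKS4/4a request and reports whether it is a CONNECT or BIND and whether it leaves name resolution to the server. It assumes SOCKS4/4a framing, since the page does not state which SOCKS version the filter accepts; the function name, the sample bytes and the mapping of requests to measure names are constructed for illustration.

```python
import struct

# SOCKS4 command codes: 1 = CONNECT, 2 = BIND.
COMMANDS = {1: "CONNECT", 2: "BIND"}

def parse_socks4_request(data: bytes) -> dict:
    """Parse one SOCKS4/4a client request (hypothetical helper for this example)."""
    if len(data) < 9:
        raise ValueError("request shorter than the fixed SOCKS4 header")
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != 4:
        raise ValueError(f"not a SOCKS4 request (version byte {version})")
    if command not in COMMANDS:
        raise ValueError(f"unknown command code {command}")
    ip = data[4:8]
    # USERID is a NUL-terminated string that follows the 8-byte header.
    end_user = data.find(b"\x00", 8)
    if end_user < 0:
        raise ValueError("USERID is not NUL-terminated")
    user = data[8:end_user].decode("ascii", "replace")
    host = None
    # SOCKS4a: DSTIP 0.0.0.x with x != 0 means a host name follows USERID
    # and the server, not the client, performs the DNS lookup.
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        end_host = data.find(b"\x00", end_user + 1)
        if end_host < 0:
            raise ValueError("SOCKS4a host name is not NUL-terminated")
        host = data[end_user + 1:end_host].decode("ascii", "replace")
    # Assumed mapping to the measure names in the table above.
    measures = ["Connecting connections" if command == 1 else "Listening connections"]
    if host is not None:
        measures.append("Pending DNS resolutions")
    return {
        "command": COMMANDS[command],
        "port": port,
        "destination": host or ".".join(str(b) for b in ip),
        "user": user,
        "server_side_dns": host is not None,
        "related_measures": measures,
    }

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "connect_ip": struct.pack("!BBH", 4, 1, 443) + bytes([192, 0, 2, 10]) + b"alice\x00",
    "connect_name": struct.pack("!BBH", 4, 1, 80) + bytes([0, 0, 0, 1]) + b"alice\x00intranet.example\x00",
    "bind": struct.pack("!BBH", 4, 2, 2121) + bytes([192, 0, 2, 10]) + b"\x00",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, parse_socks4_request(raw))
```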