Forefront TMG Web Proxy Test
Forefront TMG application filters provide an extra layer of security at the Microsoft Firewall service. Application filters can access the data stream or datagrams associated with a session within the Firewall service. Application filters are registered with the Firewall service and work with some or all of the application-level protocol streams or datagrams. An application filter can perform protocol-specific or system-specific tasks, such as authentication and virus checking. Some of the application filters provided with the Forefront TMG are:
- DNS filter
- FTP access filter
- H.323 filter
- Intrusion detection filters
- RPC filter
- SIP Access Filter
- SMTP filter
- SOCKS filter
- TFTP Access Filter
- Streaming media application filters
- Web Proxy filter
Web Proxy Filter works at the application level on behalf of a client requesting Web-based traffic. Although you cannot disable this filter, you can configure whether the filter applies to specific protocols. By default, it is applied to the Hypertext Transfer Protocol (HTTP), which is configured as follows:
- Direction is Outbound
- Protocol Type is TCP
- Port is 80
When Web Proxy Filter is enabled for a protocol, that protocol can use the following features, if applicable:
- Authentication
- HTTP filtering
To gauge how effectively this filter performs authentication and HTTP filtering, you can use the Forefront TMG Web Proxy Filter test. Using this test, you can proactively detect current or probable bottlenecks or risks in data transfer between web proxy clients and servers.
Target of the test : A Forefront TMG Server
Agent deploying the test : An internal agent
Outputs of the test : One set of results for the Forefront TMG that is to be monitored.
| Parameter | Description |
|---|---|
|
Test Period |
How often should the test be executed. |
|
Host |
The IP address of the host for which this test is to be configured. |
|
Port |
The port at which the specified host listens to. By default, this is 1745. |
|
IsPassive |
If this parameter is set to Yes, then it means that, by default, all the Forefront TMG servers being monitored by the eG system are the passive servers of a Forefront TMG cluster. No alerts will be generated if the servers are not running. Measures will be reported as “Not applicable” by the agent if the servers are not up. |
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
|
Data array received |
Indicates the rate at which data is received from the computers protected by the Forefront TMG within the same array. |
KB/Sec |
The performance of the Forefront TMG is affected when the scanned email messages are too lengthy in terms of size and attachments. |
|
Data array sent |
Indicates the rate at which data is sent from the computers protected by the Forefront TMG within the same array. |
KB/Sec |
|
|
Total data array |
Indicates the rate at which data transmission takes place in the computers protected by the Forefront TMG within the same array. |
KB/Sec |
This measure is the sum value of the Data array received and Data array sent measures. |
|
Avg time to service the request |
Indicates the time taken to service a web proxy client request. |
Secs |
The value of this measure does not include the time taken for servicing requests by the SSL tunnel. A high value for this measure indicates a processing bottleneck with the firewall service. |
|
Average request speed |
Indicates the rate at which requests are serviced during the last measurement period. |
KB/Sec |
The value of this measure does not include the time taken for servicing requests by the SSL tunnel. A high value for this measure indicates a processing bottleneck with the firewall service. |
|
Active Web Sessions |
Indicates the number of web proxy sessions that are currently active. |
KB/Sec |
The web proxy sessions can either be from different clients or from a client with a single IP address where authentications of the client does not take place. |
|
Data served from cache in ranges |
Indicates the total number of bytes that are serviced from the cache in response to HTTP requests containing range headers. |
KB |
|
|
Data served in ranges |
Indicates the total number of bytes that are returned in response to HTTP requests containing range headers during the last measurement period. |
KB |
|
|
Cache hit ratio |
Indicates the percentage of the web proxy client requests to the Forefront TMG that were successfully serviced by the cache. |
KB |
A high value is desired for this measure and a high value generally indicates that the response time for each service is faster. A value of zero for this measure indicates that the caching capability is not enabled. A low value for this measure generally indicates that either the size of the cache is too small or the requested objects are not avaialbe in the cache. |
|
Data received rate |
Indicates the rate at which data is received from the web proxy clients. |
KB/Sec |
A high value is desired for this measure. A consistent decrease in the value of this measure clearly indicates that the servicing of the requests is considerably delayed. |
|
Data sent rate |
Indicates the rate at which data is sent to the web proxy clients. |
KB/Sec |
A high value is desired for this measure. A consistent low value of this measure clearly indicates that the servicing of the requests is considerably delayed. |
|
Total data transferred |
Indicates the overall rate of data transmission between the Forefront TMG and the web proxy clients. |
KB/Sec |
This measure is the sum of the Data received rate and the Data sent rate measures. |
|
Failed request rate |
Indicates the percentage of requests that failed. |
Percent |
A low value of this measure is desired. |
|
Average request processing rate |
Indicates the rate at which the web proxy requests were processed. |
KB/Sec |
This measure takes into account only the HTTPS traffic that is inspected by the Forefront TMG. A high rate is indicative of good health of the firewall service. |
|
Current compression ratio |
Indicates the ratio of the compressed HTTP response body size to that of the uncompressed body size, expressed in terms of percent during the last measurement period. |
Percent |
This measure takes into account the HTTP responses that are compressed by the Forefront TMG alone. |
|
Requests from array member |
Indicates the ratio of the requests received from another member of the array to the total number of requests that failed during the last measurement period. |
Percent |
|
|
Requests to array member |
Indicates the ratio of the requests sent to another member of the array to the total number of requests that failed during the last measurement period. |
Percent |
|
|
Unknown SSL sessions |
Indicates the total number of unknown SSL sessions that were serviced by the SSL tunnel. |
Number |
|
|
Connect errors |
Indicates the percentage of errors that occurred while connecting to the Forefront TMG expressed as a ratio of the total number of failed requests during the last measurement period. |
Percent |
|
|
HTTP requests |
Indicates the total number of HTTP requests made to the Forefront TMG since the start of the firewall service. |
Number |
|
|
HTTPS requests |
Indicates the total number of secured HTTPS sessions that were serviced by the SSL tunnel. |
Number |
|
|
Outgoing connections |
Indicates the rate of outgoing connections that are made from the Forefront TMG. |
Connections/sec |
|
|
Incoming connections |
Indicates the rate of incoming connections that are made to the Forefront TMG. |
Connections/sec |
|
|
Requests |
Indicates the rate of incoming requests that were made to the web proxy. |
Connections/sec |
A higher value indicates that the Forefront TMG would require more resources to service all the incoming requeests. Tbis measure is a clear indicator of the Forefront TMG's load handling ability. |
|
Reverse data transferred |
Indicates the overall rate of data transmitted between the Web proxy and the web publishing servers in response to the incoming requests. |
KB/Sec |
|
|
Thread pool active sessions |
Indicates the rate at which active sessions are currently serviced by the thread pools. |
KB/Sec |
A high value is desired for this measure. |
|
Web proxy authentication queue length |
Indicates the number of items that are currently waiting in the web proxy authentication queue. |
Number |
|
|
Compression ratio of size reduction |
Indicates the ratio of average size reduction of the HTTP response body to the uncompressed body size during the last measurement period. |
Percent |
|
|
FTP requests |
Indicates the number of File Transfer Protocol (FTP) requests that were made to the web proxy. |
Number |
A low value for this measure is an indication of the poor caching policy of FTP objects. Try altering the caching policy to get better results. |
|
Thread pool failures |
Indicates the number of requests that were rejected due to the thread pool being full. |
Number |
|
