Forefront TMG Web Proxy Test

Forefront TMG application filters provide an extra layer of security at the Microsoft Firewall service. Application filters can access the data stream or datagrams associated with a session within the Firewall service. Application filters are registered with the Firewall service and work with some or all of the application-level protocol streams or datagrams. An application filter can perform protocol-specific or system-specific tasks, such as authentication and virus checking. Some of the application filters provided with the Forefront TMG are:

  • DNS filter
  • FTP access filter
  • H.323 filter
  • Intrusion detection filters
  • RPC filter
  • SIP Access Filter
  • SMTP filter
  • SOCKS filter
  • TFTP Access Filter
  • Streaming media application filters
  • Web Proxy filter

Web Proxy Filter works at the application level on behalf of a client requesting Web-based traffic. Although you cannot disable this filter, you can configure whether the filter applies to specific protocols. By default, it is applied to the Hypertext Transfer Protocol (HTTP), which is configured as follows:

  • Direction is Outbound
  • Protocol Type is TCP
  • Port is 80

When Web Proxy Filter is enabled for a protocol, that protocol can use the following features, if applicable:

  • Authentication
  • HTTP filtering

To gauge how effectively this filter performs authentication and HTTP filtering, you can use the Forefront TMG Web Proxy Filter test. Using this test, you can proactively detect current or probable bottlenecks or risks in data transfer between web proxy clients and servers.

Target of the test : A Forefront TMG Server

Agent deploying the test : An internal agent

Outputs of the test : One set of results for the Forefront TMG that is to be monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The IP address of the host for which this test is to be configured.

Port

The port at which the specified host listens to. By default, this is 1745.

IsPassive

If this parameter is set to Yes, then it means that, by default, all the Forefront TMG servers being monitored by the eG system are the passive servers of a Forefront TMG cluster. No alerts will be generated if the servers are not running. Measures will be reported as “Not applicable” by the agent if the servers are not up.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Data array received

Indicates the rate at which data is received from the computers protected by the Forefront TMG within the same array.

KB/Sec

The performance of the Forefront TMG is affected when the scanned email messages are too lengthy in terms of size and attachments.

Data array sent

Indicates the rate at which data is sent from the computers protected by the Forefront TMG within the same array.

KB/Sec

 

Total data array

Indicates the rate at which data transmission takes place in the computers protected by the Forefront TMG within the same array.

KB/Sec

This measure is the sum value of the Data array received and Data array sent measures.

Avg time to service the request

Indicates the time taken to service a web proxy client request.

Secs

The value of this measure does not include the time taken for servicing requests by the SSL tunnel. A high value for this measure indicates a processing bottleneck with the firewall service.

Average request speed

Indicates the rate at which requests are serviced during the last measurement period.

KB/Sec

The value of this measure does not include the time taken for servicing requests by the SSL tunnel. A high value for this measure indicates a processing bottleneck with the firewall service.

Active Web Sessions

Indicates the number of web proxy sessions that are currently active.

KB/Sec

The web proxy sessions can either be from different clients or from a client with a single IP address where authentications of the client does not take place.

Data served from cache in ranges

Indicates the total number of bytes that are serviced from the cache in response to HTTP requests containing range headers.

KB

 

Data served in ranges

Indicates the total number of bytes that are returned in response to HTTP requests containing range headers during the last measurement period.

KB

 

Cache hit ratio

Indicates the percentage of the web proxy client requests to the Forefront TMG that were successfully serviced by the cache.

KB

A high value is desired for this measure and a high value generally indicates that the response time for each service is faster. A value of zero for this measure indicates that the caching capability is not enabled. A low value for this measure generally indicates that either the size of the cache is too small or the requested objects are not avaialbe in the cache.

Data received rate

Indicates the rate at which data is received from the web proxy clients.

KB/Sec

A high value is desired for this measure. A consistent decrease in the value of this measure clearly indicates that the servicing of the requests is considerably delayed.

Data sent rate

Indicates the rate at which data is sent to the web proxy clients.

KB/Sec

A high value is desired for this measure. A consistent low value of this measure clearly indicates that the servicing of the requests is considerably delayed.

Total data transferred

Indicates the overall rate of data transmission between the Forefront TMG and the web proxy clients.

KB/Sec

This measure is the sum of the Data received rate and the Data sent rate measures.

Failed request rate

Indicates the percentage of requests that failed.

Percent

A low value of this measure is desired.

Average request processing rate

Indicates the rate at which the web proxy requests were processed.

KB/Sec

This measure takes into account only the HTTPS traffic that is inspected by the Forefront TMG. A high rate is indicative of good health of the firewall service.

Current compression ratio

Indicates the ratio of the compressed HTTP response body size to that of the uncompressed body size, expressed in terms of percent during the last measurement period.

Percent

This measure takes into account the HTTP responses that are compressed by the Forefront TMG alone.

Requests from array member

Indicates the ratio of the requests received from another member of the array to the total number of requests that failed during the last measurement period.

Percent

 

Requests to array member

Indicates the ratio of the requests sent to another member of the array to the total number of requests that failed during the last measurement period.

Percent

 

Unknown SSL sessions

Indicates the total number of unknown SSL sessions that were serviced by the SSL tunnel.

Number

 

Connect errors

Indicates the percentage of errors that occurred while connecting to the Forefront TMG expressed as a ratio of the total number of failed requests during the last measurement period.

Percent

 

HTTP requests

Indicates the total number of HTTP requests made to the Forefront TMG since the start of the firewall service.

Number

 

HTTPS requests

Indicates the total number of secured HTTPS sessions that were serviced by the SSL tunnel.

Number

 

 

Outgoing connections:

Indicates the rate of outgoing connections that are made from the Forefront TMG.

Connections/sec

 

Incoming connections

Indicates the rate of incoming connections that are made to the Forefront TMG.

Connections/sec

 

Requests

Indicates the rate of incoming requests that were made to the web proxy.

Connections/sec

A higher value indicates that the Forefront TMG would require more resources to service all the incoming requeests. Tbis measure is a clear indicator of the Forefront TMG's load handling ability.

Reverse data transferred

Indicates the overall rate of data transmitted between the Web proxy and the web publishing servers in response to the incoming requests.

KB/Sec

 

Thread pool active sessions

Indicates the rate at which active sessions are currently serviced by the thread pools.

KB/Sec

A high value is desired for this measure.

Web proxy authentication queue length

Indicates the number of items that are currently waiting in the web proxy authentication queue.

Number

 

Compression ratio of size reduction

Indicates the ratio of average size reduction of the HTTP response body to the uncompressed body size during the last measurement period.

Percent

 

FTP requests

Indicates the number of File Transfer Protocol (FTP) requests that were made to the web proxy.

Number

A low value for this measure is an indication of the poor caching policy of FTP objects. Try altering the caching policy to get better results.

Thread pool failures

Indicates the number of requests that were rejected due to the thread pool being full.

Number