Using Microsoft Forefront Threat Management Gateway flood mitigation with Smoothwall

Article #:

Product

Castle

1789

All

All

Summary

You are running a Smoothwall behind an Microsoft® Internet Security and Acceleration (ISA) server, with Microsoft Forefront Threat Management Gateway (Forefront TMG).

Users are reporting browsing experience is slow.

Problem

The Forefront TMG flood mitigation feature prevents internal clients from making large amounts of external connections. It will see all web traffic requests coming from the Smoothwall IP address and therefore will throttle the connection based on the flood mitigation rules. This leads to slowness and perceived poor Guardian performance.

Solution

Large amounts of external connections is normal behavior for your Smoothwall web filter.

You must configure your Forefront TMG settings to ensure that it is not restricting the number of external connections that the Smoothwall can make. You will need to configure a custom IP address exception. You may also need to configure a similar exception for your DNS.

The following article from isaserver.org a detailed description for TMG and ISA flood mitigation, including instructions for the above — http://www.isaserver.org/articles-tutorials/configuration-security/TMG-Firewall-Flood-Mitigation-Part1.html.

If you are unsure how to access the features, contact your TMG support.

Note: The links provided above take you to external sites. Smoothwall are not responsible for the content therein.

Attribution:

Last updated:

Author:

Contributions by:

23 August 2016

 

DMT

 

Copyright © 2000-2016 Smoothwall All rights reserved.