Internet Related/Filtering/Firewall Thread, Forefront Threat Management Gateway 2010 - User web proxy logging in Technical; Hi all,
I've been playing around with TMG 2010 inside a VM as looking at it as a free alternative ...
7th December 2010, 01:31 PM #1
Forefront Threat Management Gateway 2010 - User web proxy logging
I've been playing around with TMG 2010 inside a VM as looking at it as a free alternative to LEA websense (we have Vol licence) when they pull the free plug next year but also looking at it for replacing the last component of Ranger that we use (web montoring).
As far as I understand SP1 of TMG 2010 includes a user web tracking/reporting feature and although I can find where the report is I can't seem to get the user data to be recorded on the server.
I've setup a basic 'Web Access Policy' which blocks access to the nastys and allows to everything else but have no clue where to go from there.
Furthermore am I correct in thinking that TMG could be setup as a transparent proxy if I were to set it up as a server with two network points (one to internal and one to external (the web) connections)?
8th December 2010, 11:06 AM #2
For the user report you need to include the domain name in the username, ie domainname\username. To see what is being logged do some browsing from a test machine, make a note of it's IP address and then query the web logs for that client IP for the last 5 minutes (for example). You can then see everything that's being logged against that IP and this will help you to understand how the logging works.
9th December 2010, 08:11 AM #3
For user based logging you will need to add the TMG to your domain. The logging features of TMG are quite extensive but if you want a great (but expensive) solution you'lll need to look at GFI products. You can install the TMG with just one nic and use it as a proxy, however i'll allways recommend to install it with 2 nics and use the great firewall capabilities.
let me know if you need some help with it
20th June 2011, 01:55 PM #4
- Rep Power
Just going to jump in on this thread.
I have the exact same problem, in the respect that I simply cannot get the User Activity Reports to display any information. I have passed it the domain name (domain\username) using FQDN when it failed the first time. I can't seem to find any articles anywhere that help me with this matter.
By wesleyw in forum Windows
Last Post: 14th October 2010, 07:17 AM
By apearce in forum General Chat
Last Post: 10th May 2010, 12:47 PM
By FN-GM in forum Internet Related/Filtering/Firewall
Last Post: 4th March 2010, 07:55 AM
By teejay in forum Internet Related/Filtering/Firewall
Last Post: 26th January 2010, 02:34 PM
Last Post: 2nd November 2007, 09:58 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)