Why there is so much anonymous traffic in Microsoft TMG and ISA logs

One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports. So let’s …

Website Categorization – Assessing Productivity

Security and Threat Management solutions, such as Microsoft Forefront TMG, IronPort and Blue Coat, use predefined URL categorization to simplify blocking and filtering management. Different security vendors have different ways of categorizing websites but it generally involves referring to a gigantic, regularly updated database of millions of websites sorted into 50-100 relevant categories. Majority of …

Accessing Microsoft Forefront TMG’s Log Files (SQL Express)

If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contains the firewall and web proxy log files. The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot …

Vantage Update 2.2.0.43

We’ve just released an auto update for WebSpy Vantage (Premium, Giga and Ultimate) as well as the Web Module. This is a great update for Vantage Ultimate users as we’ve introduced a new feature/tab into the Web Module called ‘Dynamic Reports’.

Here’s the full list of changes since the last auto update (2.2.0.32 on the 14th April 2010).

Vantage Update 2.2.0.27 – Fix for Microsoft FTMG SQL Import

Our support for Microsoft Forefront Threat Management Gateway is quite new and we’ve just fixed a couple of issues that we haven’t yet released as a public update yet. In particular, this update fixes the “specified cast invalid error” that occurs when importing the Web Proxy database logs.

8 Reasons NOT to Use Microsoft Forefront TMG’s Reporting

I’ve been having a look through the reporting functionality included in Microsoft Forefront Threat Management Gateway to find that not much has changed from ISA Server 2006. There is some new information regarding the newly implemented URL categorization and threat management technology, but there is very little flexibility or customization for those with reporting requirements beyond general overviews cluttered with irrelevant information. Here is what I consider to be the 8 main limitations of Microsoft Forefront TMG’s reporting functionality.