29 07, 2010

Microsoft Forefront TMG logs size fields the wrong way around

By | 2010-07-29T04:49:04+00:00 July 29th, 2010|Firewall Analysis, Log File Analysis, Microsoft Threat Management Gateway, Reports, Tips and Best Practices, Uncategorized, Vantage, Web Browsing Analysis, WebSpy|0 Comments

If you’re using Microsoft Forefront Threat Management Gateway, there is a bug in the logging that causes Bytes Sent and Bytes Received to be logged in reverse. This seems to only affect the Web Proxy logs – both SQL and W3c . We noticed in a few web reports, that people were generally uploading a [...]

19 07, 2010

Why there is so much anonymous traffic in Microsoft TMG and ISA logs

By | 2010-07-19T03:18:29+00:00 July 19th, 2010|Aliases, Firewall Analysis, How To, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Reports, Tips and Best Practices, Uncategorized, Vantage, Web Browsing Analysis, WebSpy|5 Comments

One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports. So let’s [...]

18 06, 2010

Video: How to use WebSpy Vantage to report on IronPort log files

By | 2010-06-18T02:01:16+00:00 June 18th, 2010|Aliases, Firewall Analysis, How To, IronPort, Log File Analysis, Reports, Scheduled Tasks, Tips and Best Practices, Uncategorized, Vantage, Web Browsing Analysis, Web Module, WebSpy|0 Comments

I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through [...]

11 06, 2010

Accessing Microsoft Forefront TMG's Log Files (SQL Express)

By | 2010-06-11T06:54:59+00:00 June 11th, 2010|Firewall Analysis, How To, Loaders, Log File Analysis, Microsoft Threat Management Gateway, Uncategorized, Vantage, Web Browsing Analysis, WebSpy|1 Comment

If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contains the firewall and web proxy log files. The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot [...]

12 03, 2010

Vantage Update 2.2.0.29 – New Fields for IronPort

By | 2010-03-12T06:55:01+00:00 March 12th, 2010|Firewall Analysis, IronPort, Loaders, Log File Analysis, Software Updates, System Administration, Uncategorized, Vantage, Web Browsing Analysis|0 Comments

We have just added support for the 'Group' field in IronPort's access logs. You can add this field to your logs by adding %g in the 'Custom Fields' edit box. We have also added support for the custom fields Body Request Size and Body Response Size.

8 02, 2010

8 Reasons NOT to Use Microsoft Forefront TMG's Reporting

By | 2010-02-08T06:48:39+00:00 February 8th, 2010|Aliases, Firewall Analysis, How To, Loaders, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Reports, Tips and Best Practices, Uncategorized, Vantage, Web Browsing Analysis, Web Module, WebSpy|6 Comments

I've been having a look through the reporting functionality included in Microsoft Forefront Threat Management Gateway to find that not much has changed from ISA Server 2006. There is some new information regarding the newly implemented URL categorization and threat management technology, but there is very little flexibility or customization for those with reporting requirements beyond general overviews cluttered with irrelevant information. Here is what I consider to be the 8 main limitations of Microsoft Forefront TMG's reporting functionality.

16 12, 2009

Microsoft TMG and UAG Released! What is the difference?

By | 2009-12-16T07:31:02+00:00 December 16th, 2009|Firewall Analysis, Loaders, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Software Updates, Uncategorized, Vantage, Web Browsing Analysis, WebSpy|0 Comments

Most of our customers using Microsoft ISA server are probably aware by now that Microsoft have released the new version of ISA server, which is now re-branded as Microsoft Forefront Threat Management Gateway (TMG). In addition to this, Microsoft has also re-branded its Internet Access Gateway (IAG) to Unified Access Gateway (UAG). […]

27 11, 2009

Another Reason Organizations Should Avoid Excessive Internet Blocking

By | 2009-11-27T07:52:01+00:00 November 27th, 2009|How To, Sales and Marketing, Tips and Best Practices, Uncategorized, Web Browsing Analysis|0 Comments

Google Alerts have become an invaluable tool to keep track of WebSpy’s online presence and mentions. I’m also alerted on keywords related to other players in the Internet Security Industry. The last couple of weeks I have noticed quite a steep increase in alerts on a well-known internet blocking and filtering vendor. Majority of these [...]

14 10, 2009

Microsoft Forefront TMG Release Candidate now available

By | 2009-10-14T01:00:34+00:00 October 14th, 2009|Firewall Analysis, Loaders, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Third Party, Uncategorized, Vantage, Web Browsing Analysis, WebSpy, WebSpy News Update|0 Comments

Microsoft have announced the availability of Microsoft Forefront Threat Management Gateway (TMG) Release Candidate (RC). This is the final public release of TMG before it is made available to purchase. If you're considering upgrading your ISA Server to TMG, this means that you can start your deployment using the Release Candidate, and simply switch it to a licenced version with no additional configuration changes once the full release is available.

11 08, 2009

Video: Setup a complete Internet monitoring solution in less than 15 minutes!

By | 2009-08-11T07:59:31+00:00 August 11th, 2009|Analyzer, How To, Live, Log File Analysis, Sentinel, Uncategorized, Web Browsing Analysis, WebSpy|0 Comments

Here's a video I put together demonstrating how to get up and running with a complete monitoring and reporting solution in less than 15 minutes. The video demonstrates three products: WebSpy Sentinel, for complete data capture, WebSpy Live for real time alerts, and WebSpy Analyzer Standard for analysis and reporting.