Microsoft Forefront Threat Management Gateway: Using Network Monitor 3 for Troubleshooting TMG

  • 2/10/2010
This chapter from Microsoft Forefront Threat Management Gateway (TMG) Administrator's Companion covers the basics of Network Monitor, including how to capture data and some Network Monitor capture scenarios.
  • Using Network Monitor to Capture Traffic
  • Reading a Network Monitor Capture
  • Troubleshooting TMG Using Network Monitor
  • Summary

Microsoft Forefront TMG includes some built-in tools to assist in troubleshooting various scenarios, such as publishing rules and access rules. However, in some situations you will need to go a step further and analyze what is happening on the wire to better understand TMG behavior. For those scenarios the best tool to use is Network Monitor. This chapter will cover the basics of Network Monitor, including how to capture data and some Network Monitor capture scenarios.

Using Network Monitor to Capture Traffic

As explained in Chapter 4, "Analyzing Network Requirements," defining and understanding your network’s traffic profile is important so that you know precisely which protocols TMG must handle. Perhaps you have proprietary applications that do not use default ports, and you therefore need to create a custom protocol definition on the TMG firewall. Commonly, in medium and large network environments, not all applications used on the client workstations are precisely documented: the protocol and port a workstation uses are not always described.

Sometimes applications are deployed to client workstations without proper documentation and without a clear understanding of how the application works. These scenarios become more complex when the application needs to reach a server located outside the internal network and its traffic must pass through TMG. Without proper documentation from the application vendor, you will have to investigate which protocols the application requires before you can create the corresponding access rules on the TMG firewall.

This is only one example of a scenario in which you can use Network Monitor to identify traffic patterns and troubleshoot network connectivity issues. The version used in this book is Network Monitor 3.3, the public release available at the time of this writing.