Hi everybody!!!
I have got big trouble with my TMG and need some help. I have already surfed the internet but found nothing!!! and I can't believe this. I have 8 years of experience with Microsoft firewalls, beginning with ISA 2004 till now, and this is the first time I have faced this kind of problem.
We have a not big, but at the same time not small, company: approximately 2000 workers, 1500 of whom have internet access. We also have 40 branches, and only 4 of the branches have their own (directly connected) internet. All the others connect through the central office, where I have installed 2 TMGs with NLB integrated. All my 6 TMG servers (two in the central office, 4 in branches) are connected to EMS, from where I manage them. Such a configuration worked very well with Enterprise ISA 2006. But when I changed all my structure to TMG, some of the servers (usually in the central branches) block all connections. I even can't log on locally. If I am logged on, I can't restart the computer, because it can't log off, and I can not restart the Microsoft Firewall service. It just stops. I can only make a forced restart (by power button).
No information in the logs. Nowhere.
I was looking on the internet, and just found that the reason might be a lot of half-open SYN connections. But how can I increase the minimum number of half-open SYN connections??? Or maybe I should disable "Mitigate flood attacks" altogether.
Additionally:
1. I can also say that I suspect it happens when the internet connection in some remote branches crashes, and the central TMG servers or TMG servers in other branches begin to block all new inbound connections.
2. We have the newest Symantec Endpoint Protection 12.1.3001 installed on all TMG servers (with its firewall disabled) and I have this in the log file:
"Forefront TMG detected Windows Filtering Platform filters that may cause policy conflicts on the server SRV1TMG. The following providers may define filters that conflict with the Forefront TMG firewall policy: Symantec IPS Provider,SYMANTEC CORPORATION."
3. We have Dell 410 rack-mounted servers with 16 GB RAM and 1500 internet users. In branches with their own internet, no more than 40 users per TMG.
4. I have SP2 and Rollup 3 installed on all TMGs.
5. The SurfCop internet monitoring agent is installed on all TMG servers. It sends all data to a separate database server, and it is working well, but it has a great amount of data being sent between all servers. But it was working without problems with Enterprise ISA 2006.
Please-Please-Please!!! If someone knows the reason, help me. Otherwise I have to roll back to ISA!!!
Thanks to everybody.
- Edited by Serg-MFBA Monday, September 23, 2013 6:49 AM