The purpose is to allow individuals that are not familiar with ISA or TMG to collect data that can be used to expedite the support process.
TMG Data Packager
•Installed with the TMG Best Practice Analyzer Tool (TMG BPA) for TMG Only.
•Version 8 (Previously known as ISA BPA)
•Download from http://isabpa.com
–Automatically redirects to Microsoft download site
–TMG BPA - http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8aa01cb0-da96-46d9-a50a-b245e47e6b8b&displaylang=en
ISA BPA
•Version 7 for ISA 2004 & 2006 only.
•Download it from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en
•Follow the same procedure as for the TMG Data Packager collection process, described below.
Data Collection
o Install it on the client operating system that uses the TMG Firewall Client and is having trouble with connectivity.
o Go to Windows Icon (Start) -> All Programs -> Microsoft ForeFront TMG -> TMG Tools -> TMG Data Packager.
o The initial screen should be configured as shown in the screenshot on the next slide
o Select “Collect data using one of the following repro scenarios:”
o Select “Firewall Client”
o Click “Next”
The next screen should appear:
o Click on “Start Data Collection”
o Press the <SPACEBAR> to start the capture. The next action is to reproduce the issue.
o Press the <SPACEBAR> once the problem has been reproduced to stop the capture.
o The Cab file with the information will be on the desktop.
You can try to look at the logs to troubleshoot the issue.
The logs contain the following files:
BpaDataPackager log files which show errors that the application had while trying to collect data.
NetStatFiles – text output of a Netstat command
Network Captures – Netmon cap files of network captures on all interfaces on the system.
TmgTraces – Binary application tracing files <Used by Microsoft Support for advanced troubleshooting>
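To review the package before opening a support case, the CAB can be unpacked and its files sorted into the four categories listed above. This is an added example, not part of the original page or of any Microsoft tool; the scratch folder name and the file-name patterns used for categorization are assumptions, while the CAB location comes from the packager's completion message.

```powershell
# Added example: unpack TmgPackage.cab and inventory it by category.
$cab  = Join-Path $env:USERPROFILE 'Desktop\TmgPackage.cab'   # location given by the packager
$dest = Join-Path $env:TEMP 'TmgPackage_extracted'            # assumption: scratch folder name

if (-not (Test-Path -LiteralPath $cab)) { throw "CAB not found: $cab" }
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# expand.exe ships with Windows; -F:* extracts every file in the cabinet.
& expand.exe $cab '-F:*' $dest | Out-Null
if ($LASTEXITCODE -ne 0) { throw "expand.exe exited with code $LASTEXITCODE" }

# Assumption: these name patterns map files to the categories described above.
# Adjust them to match what the extracted package actually contains.
function Get-PackageCategory([string]$Path) {
    switch -Regex ($Path) {
        'BpaDataPackager' { return 'Packager log' }
        'NetStat'         { return 'Netstat output' }
        '\.cap$'          { return 'Network capture' }
        'TmgTraces'       { return 'TMG trace (binary)' }
        default           { return 'Other' }
    }
}

$files = Get-ChildItem -Path $dest -Recurse | Where-Object { -not $_.PSIsContainer }

# Inventory: what was collected, and how large each item is.
$files |
    Select-Object @{n='Category';e={ Get-PackageCategory $_.FullName }}, Length, FullName |
    Sort-Object Category, FullName |
    Format-Table -AutoSize

# The packager logs record what the tool failed to collect, so check them first.
$files |
    Where-Object { $_.FullName -match 'BpaDataPackager' } |
    Select-String -Pattern 'error' -SimpleMatch |
    Select-Object -Property Path, LineNumber, Line -First 20
```

The network captures cover all interfaces on the system, so the inventory also shows how much raw traffic is about to leave the machine with the package.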
1. Install the TMG BPA from http://isabpa.com on all systems running TMG 2010
2. To run the TMG Data Packager, go to Windows Icon (Start) -> All Programs -> Microsoft ForeFront TMG -> TMG Tools -> TMG Data Packager. (Note: Repeat these steps on all systems in the array to concurrently capture the traffic.) (HINT: Try this when there is minimal traffic on the network. If possible, isolate the issue from the network in a lab or, if in production, try to do this after normal business hours to produce the cleanest results.)
3. The initial screen should be configured as the screenshot on next slide. Make the selections as indicated on the screenshot.
4. Click Next once the selections have been made.
5. Select Modify Options
6. Select Advanced
7. Check the top box for Error, Warn, Func. When complete, click Back.
8. Click Start Data Collection
9. Press the spacebar to start the capture. (Note: You should be up to this point on all systems. You will want to press the spacebar on all the systems at the same time for concurrent capture of the reproduction of the issue.)
10. Perform the repro steps to get the behavior from the client. Once the error condition occurs, press the spacebar on all systems to stop the data collection.
18. There will be a TMG CAB file that is put on the desktop.
•Install it on all TMG 2010 servers.
•Go to Windows Icon (Start) -> All Programs -> Microsoft ForeFront TMG -> TMG Tools -> TMG Data Packager.
•The initial screen should be configured as shown in the screenshot on the next slide
1. Select the radio button for “Collect data using one of the following repro scenarios:”.
2. Highlight “Web Proxy and Web Publishing”.
3. Select “Next”.
4. Select “Modify Options”.
5. Uncheck “Perform free disk space check” from the top row, center column.
6. Select the “ISAinfo” box in the second row, first column.
7. Click on “Start data collection”.
If prompted to install network monitor, press the Y key on the keyboard.
To initiate the repro mode, press the space bar on all systems running the TMG BPA. This will start the collection of data needed to diagnose the issue.
Once the repro is complete, press the <Space bar> to stop the data collection. Once complete you will see the message:
The file TmgPackage.cab was created and is located in the C:\Users\<user>\Desktop folder. This file contains the current Forefront TMG and computer configurations.
Once this data is collected, we are ready to make the call to Microsoft CTS. This will help expedite the resolution if we have the data already collected.
This means different things to different people. The first and foremost principle is the protection of human life. After that, it is in the eye of the beholder. To me, we have the foundations of Confidentiality, Integrity and Availability. This was known as the CIA triad but has been changed to the AIC triad due to the similarity in the acronym of a US Intelligence agency. If you want information from them, click here.
Think of security more as a framework. It cannot impede the flow of business. It must be there to protect the business and individuals. Where do you begin when you want to think about security? First, there are some basic questions you should ask yourself.
If the answer is no, then you have nothing to worry about and you can go off being the free spirit that you always dreamed about. Unfortunately for the rest of us, we do have something we need to protect. This can be our identity, money, home, business, data and most importantly, the ones we love. This world is a very nice place but there are some very bad things that go on in it. Go out there and start thinking of all of the things that need protection. It can become mind-boggling and could easily overwhelm you. Next, start thinking of the value of those items you need to protect. Are some of those things valuable in terms of monetary value, intellectual property, proprietary information or just sentimental? How could those items be replaced? This is the process of valuation. Some values are tangible and some are intangible.
More to come…
This is my product that I support at Microsoft. Affectionately known as TMG, this is a very good firewall product for those out there looking for a solution that will integrate a proxy, secure publishing and IDS/IPS system into one complete package. Let me plug a book for which I had the pleasure of doing a security review prior to publication, called Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion by Yuri Diogenes, Jim Harrison and Mohit Saxena. Just go to Amazon to purchase it.
If you want to read more about TMG, go to the Microsoft Forefront Threat Management Gateway 2010 website where you can even download a free trial.