NNA and TMG(Threat Management Gateway-Microsoft Forefront)
-
rashid2014
- Posts: 63
- Joined: Wed Aug 13, 2014 5:39 am
NNA and TMG(Threat Management Gateway-Microsoft Forefront)
Please, how can I use Nagios Network Analyzer to analyse the traffic of a TMG server?
When I use Flow export and nprobe, I don't receive network flows! Please help me!
-
slansing
- Posts: 7698
- Joined: Mon Apr 23, 2012 4:28 pm
- Location: Travelling through time and space...
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
How did you configure nProbe on the Windows system? Are you allowing packets through the port you chose? When you added the source in Network Analyzer, did you make sure to choose the correct port? The one you set nProbe to on the TMG system? Do you see traffic coming in on that port?:
Code:
tcpdump -i <networkinterface> port <portnumber>
-
rashid2014
- Posts: 63
- Joined: Wed Aug 13, 2014 5:39 am
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
I use flow exporter!! Yes, the port is correct, but I receive nothing.
I don't see traffic coming in on that port.
I tried with nprobe, and the result is the same.
-
sreinhardt
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
When you say you are not seeing traffic, is this via the NNA page, tcpdump, or some other tool? Is your source for this device started on NNA? A command you can run on the NNA system to see if traffic is coming in:
Code:
tcpdump -i eth0 -vvv 'port [TMG port]'
If you could post the output from letting that run for a few moments, that would be very helpful. If you need to, feel free to remove any sensitive information like IP addresses.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
-
rashid2014
- Posts: 63
- Joined: Wed Aug 13, 2014 5:39 am
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
Hello sreinhardt,
I am not seeing traffic via the NNA page. Yes, the source is started on NNA.
When I run tcpdump -i eth0 -vvv 'port 2030' (2030 is the port of TMG), I wait several minutes but it captures nothing. When I stop the command, the result is:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
4 packets received by filter
0 packets dropped by kernel
Apparently nothing goes through this port, I think.
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
Might there be a firewall on your Windows machine or elsewhere between it and your NNA server that might be blocking that port? Are you certain the flow service is running?
Former Nagios employee
-
rashid2014
- Posts: 63
- Joined: Wed Aug 13, 2014 5:39 am
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
I created a rule in the TMG SERVER firewall to permit inbound/outbound access to this port (2030), but I have nothing like flows which come from the TMG SERVER sources.
I verified several times, but the configuration of the source is correct. Help please!
-
sreinhardt
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
Well at this point, it seems that either there is a second firewall in between TMG and NNA or TMG\flow exporter are not sending flows. The first thing I would suggest is verifying that there are no additional blocking devices between our two systems, and if there are, that your ports are open at least from TMG to NNA. Secondly, you can install wireshark on TMG if that is allowed, and collect packets there, to see if port 2030 is actually in use and active. If not, then flow exporter or nprobe is not likely started or configured properly.
-
rashid2014
- Posts: 63
- Joined: Wed Aug 13, 2014 5:39 am
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
There is no other firewall between the TMG and NNA servers. Wireshark does not capture anything on port 2030.
Is there an agent like nprobe or flow exporter specifically for the OS Windows Server 2008 R2?
-
sreinhardt
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: NNA and TMG(Threat Management Gateway-Microsoft Forefron
There absolutely is, although they are all paid solutions. We usually suggest the flowtraq exporter, as it provides true netflows not sflow like some of the others out there. I was under the impression you had configured this through TMG specifically, if that is not a part of TMG, Windows will always need some form of exporter installed first.
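Added example, not part of the original thread and not Nagios or exporter code: once an exporter is installed, this check on the collector side waits for a datagram on the export port and names its format from the header, which separates "nothing arrives" from "sFlow arrives where NetFlow is expected". It assumes the exporter sends over UDP and that the NNA source on that port is stopped while the script listens; the function names and sample datagrams are constructed for illustration.

```python
import socket
import struct

def classify_export(datagram: bytes) -> str:
    """Name the flow-export format of one UDP payload from its header."""
    if len(datagram) < 4:
        return "too short"
    # sFlow v5 starts with a 32-bit version (00 00 00 05); NetFlow and
    # IPFIX start with a 16-bit version, so test the 32-bit form first.
    if struct.unpack("!I", datagram[:4])[0] == 5:
        return "sFlow v5"
    version, count = struct.unpack("!HH", datagram[:4])
    if version == 5:
        # v5: 24-byte header followed by `count` 48-byte flow records.
        if 1 <= count <= 30 and len(datagram) == 24 + 48 * count:
            return f"NetFlow v5 ({count} flows)"
        return "NetFlow v5 (malformed length)"
    if version == 9:
        return "NetFlow v9"
    if version == 10:
        # IPFIX: second field is total message length, not a record count.
        return "IPFIX" if count == len(datagram) else "IPFIX (malformed length)"
    return f"unknown (version field {version})"

def listen(port: int, seconds: float = 30.0, bind: str = "0.0.0.0"):
    """Wait for one datagram on `port`; return (sender_ip, format) or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        sock.settimeout(seconds)
        try:
            data, (sender, _) = sock.recvfrom(65535)
        except socket.timeout:
            return None  # nothing arrived: exporter silent or path blocked
        return sender, classify_export(data)

# Constructed sample: NetFlow v5 header announcing one (zeroed) flow record.
SAMPLE_V5 = struct.pack("!HHIIIIBBH", 5, 1, 1000, 0, 0, 1, 0, 0, 0) + bytes(48)
# Constructed sample: first 8 bytes of an sFlow v5 datagram (IPv4 agent).
SAMPLE_SFLOW = struct.pack("!II", 5, 1)

if __name__ == "__main__":
    print(classify_export(SAMPLE_V5))
    print(classify_export(SAMPLE_SFLOW))
    # 2030 is the export port used in this thread.
    print(listen(2030, seconds=10) or "no datagrams on UDP 2030")
```

A `None` result from `listen` matches the "0 packets captured" tcpdump output above: the problem is on the exporter or the network path, not in the collector's source configuration.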