Syed Jahanzaib Personal Blog to Share Knowledge !

March 27, 2012

Forefront TMG 2010 ISP Redundancy : Configuring verification of link status


Modifying dead link detection periods

Howto reduce Dead/Available Link Detection Time out Frequency: Use the following vbs file,

Copy Paste the following code in notepad, and save it as TMG.VBS and edit it as per your requirement. then double click it to run on TMG.

set root=CreateObject("FPC.Root")
set arr=root.GetContainingArray()
set ExtNet=arr.NetworkConfiguration.Networks("External")
set ISPRCfg=ExtNet.ISPRedundancyConfig
ISPRCfg.MinimalResumeTime = 10
ISPRCfg.TestIntervalLinkAvailable = 10
ISPRCfg.TestIntervalLinkUnavailable = 10
ISPRCfg.FailuresToUnavailable = 1
ISPRCfg.SuccessesToAvailable = 1
ISPRCfg.Save

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Configuring verification of link status

In the default setting, TMG checks the status of the ISP link by trying to establish a TCP connection on port 53 (DNS zone transfer) to a list* of root DNS server on a round robin basis. If a connection can be established, TMG will consider the link active.

Although, the IP addresses and the TCP port used for the verification cannot be configured directly from the management console, If you need to modify these settings, e.g. because you setup your TMG server without direct access to the internet, you can do this by using the TMG COM, through simple Visual Basic script like this one: Following script is to change the root dns entries in TMG , which are used while tracking link detection.

set root=CreateObject("FPC.Root")
set arr=root.GetContainingArray()
set ExtNet=arr.NetworkConfiguration.Networks("External")
set ISPRCfg=ExtNet.ISPRedundancyConfig
ISPRCfg.ConnectivityVerificationRemoteIpAddresses.RemoveAll()
ISPRCfg.ConnectivityVerificationRemoteIpAddresses.Add "8.8.8.8"
ISPRCfg.ConnectivityVerificationRemotePort = 53
ISPRCfg.Save</span>

 

Author

Philipp Sand
Microsoft CSS Forefront Security Edge Team
Reference:
http://blogs.technet.com/b/isablog/archive/2009/11/26/tmg-isp-redundancy-unleashed.aspx

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Regard’s

Syed Jahanzaib

Symantec Endpoin Protection. Win32 Definitions not updating [SOLVED]


Symantec Endpoint Protection Manager 11.0

Symantec Endpoint Protection Manager 11.0

We have Symantec Endpoint Protection Manager Ver 11.0 Server [S.E.P.M]to protect our clients and servers from Virus / Spywares / and Network Threats. It is really cool product and it have helped us to breath smoother in many aspects and it is very good in centralized management/deployment.

It was working fine since long, but I noticed that SEPM stopped updating Antivirus And Antispyware Protection virus definitions and they were almost 1 week + old, rest of definitions including Proactive Threat Protection and Network Threat Protection were up to date. So there was something wrong with the virus definition update engine. I tried to manually launch Live Update on SEPM various times, but no use, Every time update all other definitions excluding Antivirus updates.
As showed in the image below . . .

.

It looked like that only Virus Definition engine was Jammed and for some reasons it was not downloading/accepting new definition.

I followed the below procedure to solve this issue.

Browse to ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/jdb/

Save the latest definition file (in .jdb extension) on your Desktop.
e.g:

03/26/12 03:55PM [GMT]                179,486,566 vd38f402.jdb
(171 MB)

Copy this definition file in the Default location of   SEPM  , (Where your SEPM is installed on the server.
e.g:

C:\Program Files\Symantec Endpoint Protection Manager\data\inbox\content\incoming\

As showed in the image below . . .

After few minutes , it will automatically push the definition to SEPM console and it will be distributed to clients in few minutes, All of my clients (100+) took about 20 minutes to update. Afterwards it worked fine.

As showed in the image below . . .

.

.

.

 

Cheers and Best Regard’s

Syed Jahanzaib

%d bloggers like this: