Performance Tuning Forefront TMG 2010

Microsoft Forefront TMG 2010 has been a solid product. It has not had an update in some time, and that’s a shame.

I was reviewing my TMG server a few weeks ago in order get a bit more performance from it. The server is virtualized, and currently only gives me around 50-60mb/s throughput with all its rules. I wanted to increase this and make it more responsive in the process.

So let us proceed:

#1 Sort Rule Priority

Like most other firewalls, TMG processes rules from top to bottom. If you have a frequently accessed rule, like web browsing, for example, put this at the top. For me, this was a spam filter listening rule. TMG had connections coming in for the spam filter at the rate of 5-10 per second. I moved these to the top

tmg1

 

The next rule you want to sort out is traffic from TMG server. I would generally add this as my second/third rule.

tmg1.1

After this came my office outbound rulestmg2

 

After this came the rest of my rules which consisted of various servers/voip etc.

#2 Disabled Legacy Services

Since TMG is now discontinued, many of the services in TMG are no longer updated. It’s up to you, but you might as well disable them to recover some performance. These services are:

  • IPS
  • Spam Filtering
  • Virus and Content Filtering

Ensure each one is disabled. You might be a bit hesitant to disable these. If you check your definitions, you will find they have not been updated in some time.

tmg3

tmg4

#3 Remove Old Rules

Lastly, remove any old rules. We don’t tend to look at firewalls often. So this simple task often gets overlooked.

As well as removing the old rules, ensure that you make your listener rules only listen to what’s needed. This will cut down on processing time.

Conclusion

TMG is a great product, but now beyond its used by date. TMG will always hold a special place in my software archive as a product that could have become a great firewall appliance <3

I hope this helps.

Making WordPress Faster with Google’s mod_pagespeed – Part #1

WordPress is a website framework used by millions around the world. Getting WordPress to work reliably and quickly, however, can be a difficult task.
Over the last few days, I’ve been trying to get my WordPress site operate as efficiently and swiftly as possible. I run my current website on Linux, Ubuntu to be exact. On top of this, I run the Web server Apache.

Google PageSpeed Insights listed my website with a score of 74/100. This is not a good score, and it will push your Google ranking down. My goal was to get this ranking up.

My first step was to look at mods for Apache. The one model used in the past which is very good as a Google’s mod pagespeed. This mod does many things such as compressing images, resizing images, combining JavaScript, combining CSS, removing blocking JavaScript, and many other tasks. So the first part of this post is going to look at installing mod page speed and configuring it for your website.

The first thing to do is to log into your Web server via SSH or telnet and install mod page speed.

Now to install mod page speed you need to go to the developers Google website. The easiest way to install mod page speed is to copy the link from the website and use wget to download it and to install it with apt-get. I recommend you only use the latest stable version.wget

wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
dpkg -i mod-pagespeed-*.deb
apt-get –f install

The great thing is once the mods install on your server, it adds to a repository to your servers repository list. In future, you only have to type apt-get upgrade to install new versions.

Once pagespeed is installed, you need to enable it. To do this type the following:

a2enmod pagespeed

Another mod you also want to make sure it is enabled, is expires. To enable this mod, type the following:

a2enmod expires

Once these mods have been enabled, you need to restart Apache. The easiest way to do this is to type the following:

services apache2 restart

Now we need to set some configuration options. I don’t usually set configuration options on pagespeed’s global configuration. Instead, I do the page speed configuration at that the vhost level.

To set you configuration options you need to edit your sites availability configuration file which is typically hosted on the Apache folder. You can find this location here:

cd /etc/apache2/sites-available/

In this directory, you should have the configuration file for your current site. I am going to too much detail around these configuration file. This is something you probably need to look up on your own and figure out how this is configured yourself.

The first thing we need to do an vhost file, is make sure that pagespeed is turned on. To do this open up you’re vhost file, and add the following commands:

ModPagespeed on

As you may have gathered, this turns pagespeed on. As well is this, though, you need one other command to make this work. The commander is the following:

ModPagespeedRewriteLevel CoreFilters

The core filters command tells pagespeed to apply the core filters. The core filters are a set of configurations which are applied to pagespeed. You can find out more about these filters here.

While and the vhost configuration file, I also suggest we turn on the expires module. This is done by typing the following:

ExpiresActive on

However as with pagespeed you need one more command to make this function properly. That is the following:

ExpiresDefault "access plus 1 week"

there are additional settings we can apply to this. Some examples are listed below:

ExpiresByType image/jpg "access plus 1 week"

ExpiresByType image/jpeg "access plus 1 week"

ExpiresByType image/gif "access plus 1 week"

ExpiresByType image/png "access plus 1 week"

This is the basics of our configuration file for the vhost. We now need to restart Apache again, by doing the following:

service apache2 restart

If you now try the Google PageSpeed Insight Test again, you should find that your score increases. Our score increased up to about 85/100 just by using mod pagespeed. There are additional filters that you can apply to mod pagespeed to do different things. These additional filters, can be viewed here. If you follow the column in court filters, and it is selected is no, this filter is not applied currently. To apply one of these filters, said it in your vhost file as follows:

ModPagespeedImageRecompressionQuality 70

ModPagespeedEnableFilters defer_javascript,inline_preview_images,resize_mobile_images,remove_comments,sprite_images

ModPagespeedEnableFilters inline_google_font_css,insert_image_dimensions,combine_css

If you reload Apache again, you will find that your Google page rank score increases even further.

There are further tricks that we can apply to pagespeed. But they are out of the scope of this post. I will follow this up with an additional post on the most advanced options of pagespeed.

My full configuration file was as follows:

        ServerName www.website.com
        ServerAdmin info@websome.com
 
        ServerAlias website.com
 
        DocumentRoot /var/www/website.com/public_html/
        
        AllowOverride All     
 
        AccessFileName .htaccess
 
        #LogLevel info ssl:warn
 
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 
        ExpiresActive on
        ExpiresDefault "access plus 1 week"
        ExpiresByType image/jpg "access plus 1 week"
        ExpiresByType image/jpeg "access plus 1 week"
        ExpiresByType image/gif "access plus 1 week"
        ExpiresByType image/png "access plus 1 week"
 
        ModPagespeed on
        ModPagespeedStatistics on
        ModPagespeedStatisticsLogging on
        ModPagespeedLogDir /var/log/pagespeed     
        ModPagespeedRewriteLevel CoreFilters
        ModPagespeedStatistics on
        ModPagespeedFileCachePath            "/var/cache/pagespeed/"
        ModPagespeedFileCacheSizeKb          400000
        ModPagespeedFileCacheCleanIntervalMs 3600000
        ModPagespeedFileCacheInodeLimit      500000
        ModPagespeedImageRecompressionQuality 70
        ModPagespeedEnableFilters defer_javascript,inline_preview_images,resize_mobile_images,remove_comments,sprite_images
        ModPagespeedEnableFilters inline_google_font_css,insert_image_dimensions,combine_css

If you have any questions, please list them below.