Performance Tuning Forefront TMG 2010

Microsoft Forefront TMG 2010 has been a solid product. It has not had an update in some time, and that’s a shame.

I was reviewing my TMG server a few weeks ago in order get a bit more performance from it. The server is virtualized, and currently only gives me around 50-60mb/s throughput with all its rules. I wanted to increase this and make it more responsive in the process.

So let us proceed:

#1 Sort Rule Priority

Like most other firewalls, TMG processes rules from top to bottom. If you have a frequently accessed rule, like web browsing, for example, put this at the top. For me, this was a spam filter listening rule. TMG had connections coming in for the spam filter at the rate of 5-10 per second. I moved these to the top

tmg1

 

The next rule you want to sort out is traffic from TMG server. I would generally add this as my second/third rule.

tmg1.1

After this came my office outbound rulestmg2

 

After this came the rest of my rules which consisted of various servers/voip etc.

#2 Disabled Legacy Services

Since TMG is now discontinued, many of the services in TMG are no longer updated. It’s up to you, but you might as well disable them to recover some performance. These services are:

  • IPS
  • Spam Filtering
  • Virus and Content Filtering

Ensure each one is disabled. You might be a bit hesitant to disable these. If you check your definitions, you will find they have not been updated in some time.

tmg3

tmg4

#3 Remove Old Rules

Lastly, remove any old rules. We don’t tend to look at firewalls often. So this simple task often gets overlooked.

As well as removing the old rules, ensure that you make your listener rules only listen to what’s needed. This will cut down on processing time.

Conclusion

TMG is a great product, but now beyond its used by date. TMG will always hold a special place in my software archive as a product that could have become a great firewall appliance <3

I hope this helps.

Leave a Reply