Monitoring client sessions

The Sessions tab allows you to monitor active connections for a particular computer or user name. This topic provides information about monitoring sessions and filtering the sessions view.

Where to start: To monitor a session, in the Forefront TMG Management console tree, click the Monitoring node. Then click the Sessions tab.

  1. In the details pane, select a session (where a session is the unique combination of a client's IP address and user name). The following information is displayed for each session:
    • Activation. Date and time the session began.
    • Server name. The name of the Microsoft Forefront Threat Management Gateway firewall.
    • Session type. You can monitor connections from the following Forefront TMG clients: Firewall client, SecureNAT, virtual private network (VPN) client, VPN site-to-site, and Web Proxy.
    • Client IP. The source IP address of the client.
    • Source network. The network from which the session originated.
    • Client user name. The client authenticated by Forefront TMG when authentication is required.
    • Client host name. For Firewall clients.
    • Application name. For Firewall clients. This field is not displayed by default.
  2. To disconnect a session, select the session entry, and then click Disconnect Session in the Tasks tab. Disconnecting sessions does not prevent clients from creating new sessions. To do this, you must create access rules specifically denying access to the specific clients.
  3. Note the following:
    • A summary of sessions for each client type is displayed on the Dashboard tab.
    • Web proxy client sessions have a corresponding SecureNAT client session. For all Web proxy client sessions from a particular computer, there is one SecureNAT session.
    • Firewall client sessions have a corresponding SecureNAT client session. For each computer with Firewall Client installed, there is a SecureNAT session in addition to a Firewall client session. If a Firewall client computer has an application running as a Web proxy client, only one SecureNAT client session is shown.
    • A connection between two computers through Forefront TMG can only belong to one session. When a server is published using server publishing, a session is shown between the published server and the Forefront TMG computer. Client connections to the published server are associated with this session and do not appear as separate sessions.
    • When authentication is not required, all traffic from the same IP address is considered to be a single session. For example, a Web browser opening more than one TCP connection to the same IP address is considered to be a single session.
    • Web proxy client sessions indicate the last minute of Web browser activity, even if the client is not currently browsing.

  1. Manage session monitoring as follows:
    • To stop monitoring all sessions, click Stop Monitoring Sessions in the Tasks tab. When you stop session monitoring, Forefront TMG loses all information about any sessions that have been monitored.
    • To restart monitoring all sessions, click Start Monitoring Sessions in the Tasks tab. When you restart monitoring, Forefront TMG starts collecting information about active sessions.
    • To pause session monitoring, click Pause Monitoring Sessions in the Tasks tab. Sessions displayed are not removed, but new sessions are not added.
    • To resume session monitoring, click Resume Monitoring Sessions in the Tasks tab.

You can filter session information and then save the resultant query for future use. For example, if a client reports problems connecting, you can create a filter that displays session information only for that client. Create a filter as follows:

  1. On the Tasks tab, click Edit Filter.
  2. In the Edit Filter dialog box, specify a filter criteria, condition, and value. For example, you can select to filter by Client IP with the condition Equals, and then specify the IP address of the client as a value. This allows you to filter sessions for a specific client computer.
  3. To save the session filter, click Save Filter.
  4. To load an existing filter, click Load Filter.
  5. Click Start Query to start session monitoring sessions that match the specified filter. The filter expressions are combined using the logical AND operations. Only data for sessions that match all the expressions is displayed.