Overview of the Monitoring node

Microsoft Forefront Threat Management Gateway provides a range of monitoring tools to help you track network status, create alerts to keep you up-to-date on firewall behavior, configure and view logs to track Forefront TMG activity, and create reports to customize and summarize log information. These features make it easier to ensure that your network is running as expected, to stay aware of attempted intrusions, to track network usage, and to begin troubleshooting where necessary.

The following table summarizes the key monitoring features that appear in the details pane of the Monitoring node in Forefront TMG Management.

Feature Details


The Dashboard summarizes information from the various monitoring tabs and Forefront TMG performance counters to provide a quick view of system functioning.


The Alerts tab provides a list of alerts that have been triggered. Alerts are triggered when specific events occur. You can reset alerts to remove them from the Alerts tab, or indicate that you are handling alerts by acknowledging them, thus changing their status on the Alerts tab, and removing them from the Dashboard display.


The Sessions tab lists all active sessions. You can sort or disconnect individual or groups of sessions. You can filter the entries in the session's interface to focus on the sessions of interest.


The Services tab provides the status of Forefront TMG services. You can stop and start the Microsoft Firewall service, the Microsoft Forefront TMG Job Scheduler service, and the Microsoft Data Engine service.


The Configuration node provides the status of the Forefront TMG server.


The Reports tab displays reports that have been created or are in the process of being created. You can use the reporting features to summarize and analyze usage patterns, and to monitor network security. You can manage existing reports, create scheduled report jobs, create one-time reports, and customize report information.

Connectivity Verifiers

The Connectivity Verifiers tab displays all the configured connectivity verifiers. Configure connectivity verifiers to check connections to a specific computer name, IP address, or Uniform Resource Locator (URL). Use the following methods to determine connectivity: Ping, Transmission Control Protocol (TCP) connect to a port, or Hypertext Transfer Protocol (HTTP) GET.


The Logging tab displays Firewall logs and Web Proxy logs in real time. You can query the log files using the built-in log query facility.

System Performance

The Dashboard provides a System Performance section showing the status of two of the main performance counters for Forefront TMG:

  • Allowed packets per second
  • Dropped packets per second