Sessions tab

  • Article

You can monitor active connections with the Sessions tab, where a session is the unique combination of a client's IP address and user name. The following information is displayed on the Sessions tab:

  • Activation—Date and time the session began.
  • Server name—The name of the Microsoft Forefront Threat Management Gateway firewall.
  • Session type—You can monitor connections from the following Forefront TMG clients: Firewall client, SecureNAT, VPN client, VPN site-to-site, and Web Proxy.
  • Client IP—The source IP address of the client.
  • Source network—The network from which the session originated.
  • Client user name—The client authenticated by Forefront TMG when authentication is required.
  • Client host name—For Firewall clients.
  • Application name—For Firewall clients. This field is not displayed by default.

Note:

Forefront TMG does not separate session counters for all clients:

  • Web Proxy client sessions have a corresponding SecureNAT session. There is one SecureNAT session for all Web Proxy client sessions from a particular computer.
  • Firewall clients have a corresponding SecureNAT session. For a computer with Firewall Client installed, there will be a SecureNAT session, as well as a Firewall client session, for that computer.
  • If a computer has both Web Proxy and Firewall client sessions, there will be only one SecureNAT session, because the session is defined per computer.
  • A connection between two computers through the firewall can belong only to one session. This design affects how server publishing rule connections are displayed in the sessions list. A session is shown between the published server and the Forefront TMG computer. Client connections to this published server are associated with the session between the published server and Forefront TMG, and do not appear as separate sessions.
  • When Forefront TMG does not require authentication, all traffic from the same IP address is considered to be a single session. For example, if a Web browser opens more than one TCP connection to the same IP address, Forefront TMG considers the connections to be a single session.
  • Web Proxy client sessions indicate the last minute of Web browser activity, even if the client is not currently browsing.
  • When IP routing is disabled, traffic from users and IP addresses is listed on the Sessions tab. When IP routing is enabled, only sessions from traffic that passes using an application filter are listed.
  • A summary of the sessions for each client type, and the total sessions, is displayed on the Dashboard.