Microsoft Firewall service performance counters
Applies To: Forefront Threat Management Gateway (TMG)
The following table lists the performance counters for the Microsoft Firewall service.
| Performance counter | Description |
|---|---|
Accepting TCP Connections |
The number of connection objects waiting for a TCP connection from the Forefront TMG Client after a successful remote connection. This counter is currently disabled. |
Active Sessions |
The number of active sessions for the Firewall service. |
Active SIP registrations |
The total number of active SIP registrations. |
Active SIP sessions |
The total number of active SIP sessions. |
Active TCP Connections |
The number of active TCP connections currently passing data. Connections pending or not yet established are counted elsewhere. |
Active UDP Connections |
The number of active User Datagram Protocol (UDP) connections. |
Available UDP Mappings |
The number of mappings available for UDP connections. |
Available Worker Threads |
The number of Firewall service worker threads that are available or waiting in the completion port queue. |
Bytes Read/sec |
The number of bytes read by the data pump per second. |
Bytes Written/sec |
The number of bytes written by the data pump per second. |
DNS Cache Entries |
The current number of Domain Name System (DNS) domain name entries cached as a result of Firewall service activity. |
DNS Cache Flushes |
The number of times that the DNS domain name cache has been flushed or cleared by the Firewall service. |
DNS Cache Hits |
The number of times a DNS domain name was found within the DNS cache by the Firewall service. |
DNS Cache Hits % |
The percentage of DNS domain names serviced by the DNS cache, from the total of all DNS entries that have been retrieved by the Firewall service. |
DNS Retrievals |
The number of DNS domain names that have been retrieved by the Firewall service. |
Dropped Connections by IPS |
The number of connections dropped by IPS in user mode. |
Dropped Connections by IPS/sec |
The number of connections dropped by IPS per second in user mode. |
Failed DNS Resolutions |
The number of gethostbyname and gethostbyaddr application programming interface (API) calls that have failed. These are calls used to resolve host DNS domain names and IP addresses for Firewall service connections. |
Kernel Mode Data Pumps |
The number of kernel mode data pumps created by the Firewall service. |
Listening TCP Connections |
The number of connection objects that wait for TCP connections from remote Internet computers. |
Log queue size on disk |
The size of the Forefront TMG log queue on disk. |
Memory Allocation Failures |
The number of memory allocation errors. |
Pending DNS Resolutions |
The number of gethostbyname and gethostbyaddr API calls pending resolution. These are calls used to resolve host DNS domain names and IP addresses for Firewall service connections. |
Pending TCP Connections |
The total number of pending TCP connections. This is the total number of connections that are waiting for a connect call to finish. |
SecureNAT Mappings |
The number of mappings created by SecureNAT. |
Successful DNS Resolutions |
The number of gethostbyname and gethostbyaddr API calls successfully returned. These are calls used to resolve host DNS domain names and IP addresses for Firewall service connections. |
TCP Bytes Transferred/sec by Kernel Mode Data Pump |
The number of TCP bytes transferred by the kernel mode data-pump per second. |
TCP Connections Awaiting Inbound Connect Call to Finish |
The total number of TCP connections awaiting an inbound connect call to finish. These are connections from the Firewall Service to a firewall client after the Firewall Service accepted a connection from the Internet on a listening socket. |
UDP Bytes Transferred/sec by Kernel Mode Data Pump |
The number of UDP bytes transferred by the kernel mode data-pump per second. |
Worker Threads |
The number of Firewall service worker threads that are currently active. |