Microsoft Office 365 – All you want to know is right here!!!

All you want to know about Office 365 in the Other region / Middle east region – Information is wealth ……… Share it! ……… PREMNAIR

TMG flood Mitigation settings for Office 365 migration

Microsoft Forefront Threat Management Gateway can help you mitigate connection flooding attacks that are a prevalent corporate reality. A flood occurs when a malicious user attempts to attack a network in a variety of evolving ways. The goal of a flood attack is to deplete the victim’s resources and disable its services. A flood also occurs when a worm attempts to propagate itself to other hosts. A flood attack may create any of the following conditions on the Forefront TMG computer:

  • Heavy use of disk space.
  • High CPU load.
  • High memory consumption.
  • High network bandwidth consumption.

The Forefront TMG flood mitigation features include various functions, which you can configure and monitor to help ensure that your network stays protected from malicious attacks. The flood mitigation mechanism uses the following:

  • Connection limits that are used to recognize and block malicious traffic.
  • Logging of flood mitigation events.
  • Alerts that are triggered when a connection limit is exceeded.

I’ve come across this scenario when a Hybrid deployment (Exchange 2010 and Office 365), you will be using Third party migration handle/MRS/MRSProxy to perform the mailbox moves between premises (On-Prem and O365). This operation can potentially fail when you traverse a TMG server. The reason for this is a defense mechanism built into TMG called Flood Mitigation. If you were to run into this issue you would see an error while migrating the mailboxes similar to the following: “Mailbox Move to the cloud fail with error: Transient error CommunicationErrorTransientException has occurred. The system will retry”.  To verify this is your issue you could review the Alerts section in the TMG management interface. To find the Alerts section you would open the Microsoft ForeFront TMG management interface. Then in the tree on the left you would go to Monitoring , which will expose the Alerts tab in the middle pane. In there you can find the alerts which says “Description: The number of HTTP request per minute from the source IP address xxx.xxx.xxx.xxx exceeded the configured limit. Forefront TMG will block new HTTP requests sent from this IP address.”

Reason: There is a default threshold setting for Flood Mitigation within the TMG interface, which can be found in the Microsoft ForeFront TMG management interface. Once you are in there just select the Intrusion Prevention System option from the tree on the left as shown below.

 Click on the “Configure Flood Mitigation Settings” and edit all the parameters for the menu below in red circle and click ok.

Enjoy!!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog Stats

  • 105,966 Visited this page

Archives

%d bloggers like this: