• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

HOW TO: Set individual actions for connectivity verifiers

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> HOW TO: Set individual actions for connectivity verifiers Page: [1]
Message << Older Topic   Newer Topic >>
HOW TO: Set individual actions for connectivity verifiers - 15.Sep.2010 10:26:40 AM   


Posts: 1
Joined: 15.Sep.2010
Status: offline

First I apologize if this was already posted, forum search and google did not bring any results, but I thought this could be helpful for others.

The alert function is useful for sending an email when a connectivity verifier fails, you can also start a program which does something. However, these settings apply if  ANY of your connectivity verifier reports a problem. But what if you need specific actions for connection verifier a and others for verifier b?

The following steps use the new Task scheduler in W2K8 to solve this problem.

- Open Server Manager
- In the left pane expand "Configuration" and choose "Task Scheduler"
- In the Actions pane click "Create Task..."
- Choose a name for this task, add a description if you want to
- Make sure, a user with needed rights for your actions is set and activate "Run whether user is logged on or not" in the radio box. For actions which need administrative privileges, you can choose "Run with highest privileges"
- Go on to the next register card "Triggers" and create a new trigger.
- Choose Begin the task "On an event"
- In the settings check "Custom" and click "New Event Filter"
- In the Filter tab you activate the checkbox "Error"
- Choose "By source" and right of it select "Microsoft Forefront TMG Firewall" in the pull down menu
- Replace "<All Event IDs> with EventID for errors in connectivity verifiers: 21137
- Leave Task category blank
- In keywords you choose "Classic"

Now the filter is set to activate on errors with any connectivity verifiers. If you take a deeper look in the Event viewer, you can see the name of the verifier under "Details" and selecting "XML View".

Next step is to set the filter to include the name which is stored in the first Data field under <EventData>:

In the Event Filter you now go to register card "XML", you will find the query we have generated so far.
In the "<Select Path=" add " and *[EventData[Data[1]='NAME OF VERIFIER']] at the end.
Assuming your connectifity verifier is called "test", the query should look like this:

<Query Id="0" Path="Application">
  <Select Path="Application">*[System[Provider[@Name='Microsoft Forefront TMG Firewall'] and (Level=2) and (band(Keywords,36028797018963968)) and (EventID=21137)]] and *[EventData[Data[1]='test']]

In the future, you can also paste this query directly instead of using the "Filter" register card.

- Click OK and the correct trigger is now generated.

From that point on you can start programs/scripts you need in the "Actions" tab. Changing DNS-entries, web chaining rules, be creative!

If the connectivity verifier reports a reestablished connection, you can also create a task for this by changing in the filter "Information" instead of "Error" and EvendID 31310 instead of 21137.

< Message edited by shortman -- 15.Sep.2010 10:28:20 AM >
Post #: 1
RE: HOW TO: Set individual actions for connectivity ver... - 21.Sep.2010 2:48:04 PM   


Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Shortman,

Nice tip!




Thomas W Shinder, M.D.

(in reply to shortman)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> HOW TO: Set individual actions for connectivity verifiers Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts