Where is fwengmon on Forefront TMG 2010?

  • Article

FWEngmon can be used in many circumstances and here are some great examples on how to use this tool:

 

https://blogs.technet.com/isablog/archive/2008/03/12/bi-directional-affinity-in-isa-server.aspx

https://blogs.technet.com/isablog/archive/2008/06/24/server-publishing-with-isa-server-2004-2006-and-route-relationship-between-networks.aspx

https://blogs.technet.com/isablog/archive/2007/06/25/rpc-over-http-logging-wildness.aspx

 

With Forefront TMG 2010 this tool is gone, but no worries, now it is actually much better since is part of the netsh command. Here it is an output of the command that shows the active sessions:

 

C:\>netsh tmg show connections

Active Sessions:

                  Source / Destination /

ID Protocol Source Proxy Dest. Proxy 2-way Timeout

-- -------- ----------- ------------ ----- -------

15583 TCP(6) 10.20.20.1:41099 10.20.20.10:445 Yes Yes

4518 TCP(6) 10.20.20.1:41130 10.20.20.10:135 Yes Yes

                                        10.20.20.1:34635

4516 TCP(6) 10.20.20.1:41131 10.20.20.10:135 Yes Yes

                  10.20.20.1:41130

4522 TCP(6) 10.20.20.1:41132 10.20.20.10:49158 Yes Yes

                                        10.20.20.1:34635

4520 TCP(6) 10.20.20.1:41133 10.20.20.10:49158 Yes Yes

                  10.20.20.1:41132

4525 TCP(6) 10.20.20.1:41135 10.20.20.10:135 Yes Yes

   10.20.20.1:34635

4523 TCP(6) 10.20.20.1:41136 10.20.20.10:135 Yes Yes

                  10.20.20.1:41135

4529 TCP(6) 10.20.20.1:41137 10.20.20.10:49155 Yes Yes

               10.20.20.1:34635

4527 TCP(6) 10.20.20.1:41138 10.20.20.10:49155 Yes Yes

                  10.20.20.1:41137

15602 UDP(17) 10.20.20.1:49014 10.20.20.10:389 Yes Yes

15603 UDP(17) 10.20.20.1:49015 10.20.20.10:389 Yes Yes

15605 UDP(17) 10.20.20.1:49016 10.20.20.10:389 Yes Yes

15606 UDP(17) 10.20.20.1:49017 10.20.20.10:389 Yes Yes

15601 TCP(6) 192.168.1.154:41129 192.168.1.45:445 Yes Yes

 

There are much more options available, just use the /? And you will see:

 

C:\>netsh tmg show /?

The following commands are available:

Commands in this context:

show all - Shows all available information.

show allowedrange - Shows current allowed IP ranges.

show connections - Shows connection element information.

show creations - Shows creation element information.

show global - Shows driver configuration information.

show holdpackets - Shows information about the hold packets in driver.

show nlbhookrules - Shows NLB hook rule and NLB server assigned ranges information.

show usermodepackets - Shows information about the hold packets currently being handled in user mode.

 

Now go ahead and start playing with this new built in toy.