TMG 2010 introduced a new feature that has been on the wish list for long time ago. You will find it very usefully when you are trying to troubleshoot an issue with your TMG, trying to trace logs and find where does this or that belong and to which rule. In this article, we are going to explore the Search Feature
As your rules number increase, it will be difficult to find which rules contains which element. Previously, with ISA Server, this used to be a headache for any ISA Server administrator, the admin had used to go and look into rule by rule to see what he/she was looking for. This is over with TMG 2010, as the Search feature provide us with a capability to search the policies.
As an examples, lets say you want to search for a specific user in your company, lets say his username is Tarek , and you want to find out in which rules this username is used, is he granted an allow access ? a deny access ?, all you have to do is typing the username in the search textbox and pressing enter on the keyboard, or clicking on the icon with your mouse, and there you go, as you can see in the below snapshot, the deny and allow rules that have Tarek inside it are displayed.
Another example, is searching for protocols, typing ftp or protocol: ftp , inside the search textbox will reveal any rule that has an element such as a text or a Protocol that matches the word ftp.
As you can see, you can use free text within your search, the same way you use Web Search engines ( ex. google , bing, yahoo , etc …), however, you can not use wild characaters in your search as it is not supported yet. Maybe later with an update, using wild characters would become supported.
More examples, if you want to search the columns From and To , searching the Source Network, you can use : from:internal
searching for Destination Network :
as for rules , searching for action:deny
going more deeper, the search feature does not search only what is included under each column, but it also searches insides their content. For example searching for elmajdal.net, as you can see, elmajdal.net is not mentioned under the Name, Action, Protocols, From/Listeners, To, Condition or the Description columns, however, it can be found inside the Dev Websites Domain Name Set
The Search query can be a combination of attributes, for example below I’m searching in the action and the user columns. My search will return all the deny rules that have the user Tarek listed into them.
You will have to be aware, that wild characters at the moment are not yet support. As you can see below, I’m searching for Tarek , and i typed tar* , but the search didn’t return anything as wild characters are not supported yet.
If you want to learn more about the Search Feature , click on the Examples button, which will open the Firewall policy filter website : http://technet.microsoft.com/en-us/library/dd897127.aspx
If you are one of those TMG administrators that have tens and maybe hundreds of rules in your TMG server, then the new Search feature in TNMG 2010 is your life saver. No more digging into each rule to find out the information your are looking after, just type your search query, in free text or search for the different columns attributes, and you will be happy to find the info you are looking for in no time.