• HOME
• PRODUCTS
• CyBlock Proxy
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• CyBlock ISA
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• CyBlock Appliance
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• Cyfin Reporter
• Reporting
• Technical Specs
• Price Quote
• FAQs
• Cyfin Proxy
• Reporting
• Technical Specs
• Price Quote
• FAQs
• COMPANY
• Customers
• Partners
• For Resellers
• WaveNews
• Careers
• RESOURCES
• White Papers
• Case Studies
• Press Releases
• Forum
• Blog
• Twitter
• SUPPORT
• CyBlock Proxy
• FAQs
• Forum
• Documentation
• Downloads
• CyBlock ISA
• FAQs
• Forum
• Documentation
• Downloads
• CyBlock Appliance
• FAQs
• Forum
• Documentation
• Cyfin Reporter
• FAQs
• Forum
• Documentation
• Downloads
• Cyfin Proxy
• FAQs
• Forum
• Documentation
• Downloads
• CONTACT US

Forefront TMG

Cyfin Reporter is designed to work with Forefront TMG.  Your Cyfin system can be configured as an on-box solution or as an off-box solution.

Below, please examine the diagrams depicting how Cyfin Reporter integrates with Forefront TMG.  Also please view our recommendations for product configuration. This information is designed to help you have seamless, trouble-free installation.

• Cyfin Reporter installed directly on Forefront TMG ("on-box")
• Cyfin Reporter is installed on a server other than Forefront TMG ("off-box")

---

Cyfin Reporter installed directly on Forefront TMG ("on-box")

---

Logfile Setup

Standard configuration:

Logfile Type:  Forefront TMG (Forefront TMG File Format)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

Alternate configuration:

Logfile Type:   Forefront TMG (W3C Extended Log File Format)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

NOTE:  Cyfin Reporter can be installed directly on the Forefront TMG or on a stand-alone machine.   Forefront TMG File Format uses local time for data record time stamp.  ISA W3C Extended Log File Format format uses GMT time (this is set by the Forefront TMG and is not configurable).

SQL Server Express DB configuration:

WARNING:  You will need SQL Server Management Studio to complete the required steps for this logfile selection.  It is not installed by default with TMG, so you must obtain the installation file.  When you have the file saved locally to the machine, install it using these instructions:

• Double-click the .exe file for SQL Server Management Studio to open it.
• In the left pane menu, click on Installation.
• In the right pane, click New SQL Server stand-alone installations or add features to an existing installation.
• Click OK at the first screen ("Setup Support")
• Click Install at the next screen.
• Click Next when installation ends.
• In the right pane, change the selected radio button to Add features to an existing instance of SQL Server
• Use the pulldown to select MSFW
• Click Next.
• In the right pane, under Shared Features, check the box Management Tools - Basic
• Click Next until arrive at the Ready to Install screen.
• Click Install.
• When it completes, click Next.
• Click Close.
• Click the "X" to close out of SQL Server Installation Center dialog box.

Please perform the following steps carefully and in order:

1. Open SQL Server Configuration Manager:
   • Expand SQL Server Network Configuration
   • Highlight Protocols for ISARS, still in the left pane.
   • In the right side pane, right-click TCP/IP and select Properties.
   • Click on IP Address tab, and scroll to bottom of dialog box.
   • Change the TCP Port to 1434.
   • Click Apply.  A dialog box will appear stating you need to restart a service. Click OK.
   • Click OK again to close the dialog box.
   • Minimize (but do not Close!) the SQL Server Configuration Manager, and go to your machine's Services (this will be under Administrative Tools).
   • Restart the SQL Server (ISARS) service.
   • Minimize (but do not Close!) your Services dialog box, and maximize the SQL Server Configuration Manager again.
   • In the left pane, highlight Protocols for MSFW.
   • In the right pane, right-click TCP/IP and select Enable.
   • Next, right-click TCP/IP again and this time select Properties.
   • Click on IP Address tab, and scroll to bottom of dialog box.
   • Clear out the numbers appearing in the TCP Dynamic Ports box, so that it is completely blank.
   • Next, in the TCP Port box type in 1433, so that the TCP Port will now be 1433.
   • Click Apply.  A dialog box will appear stating you need to restart a service. Click OK (we will restart it later in this procedure.)
   • Click OK again to close the dialog box.
   • Close SQL Server Configuration Manager.

    

   CRITICAL NOTE:  For the remaining steps in the process, you must have SQL Server Management Studio installed.  It is not installed by default with most TMG installs.

    

2. Open SQL Server Management Studio.  If you don't see it, try typing 'studio' in the Start - Search box. This will either show you where it is or launch the program.
   • Connect to your SQL Server.  Use the following credentials:
     • Server type = Database Engine
     • Server name =  TMG \MSFW
     • Authentication = Windows Authentication
   • Right-click on the top (Server) node, and go into Properties.
   • In the left pane, highlight Security.
   • In the right pane, change the Server Authentication radio button to SQL Server and Windows Authentication mode.
   • Click OK.  You will see a message stating that changes won't take effect until the SQL Server is restarted.  Click OK.
   • In the left pane, expand the Security folder.
   • Right-click the Logins folder, and select New Login.
   • In the right pane, for Login Name type wavecrest. NOTE: This label is very important, the product will expect this exact login name only.
   • Next, change the radio button selection to SQL Server Authentication.
   • Type in this password: password.  NOTE: This label is very important, the product will expect this exact password only.
   • Confirm the password by typing it in again.
   • Uncheck the Enforce password expiration checkbox.
   • Next, in the left pane highlight Server Roles.
   • Check the checkbox for sysadmin.
   • Click OK.
   • Close out of SQL Server Management Studio.

    

3. Restart Services.  

• In Administrative Tools - Services, restart:
  • SQL Server (ISARS) service (only if you did not do so earlier.)

  NOTE:  It is important that this one be restarted BEFORE the MSFW service!

  • SQL Server (MSFW) service.

 

With these steps complete, you are ready to proceed with logfile configuration.

SQL Server database configuration:

NOTE:  It is presumed that you have already set up a SQL database and are logging to it from your TMG Server.  The steps that follow will not work if you have not set that up first. 

If you are successfully logging to a SQL database, please perform the following steps:

1. Allow Open Database Connectivity.  It is important to set up SQL Server to accept ODBC (Open Database Connectivity). On the machine with SQL Server installed on it, complete these steps:
   • Log in to 'SQL Server Managment (Studio)'
   • Expand the server name
   • Expand Security folder
   • Right-click 'Logins' folder and click 'New Login'
   • Enter a new login name (example: wavecrest)
   • Select 'SQL Server Authentication' radio button
   • Type in a password (example: wavecrest)
   • Uncheck 'Enforce Password Policy'
   • Click 'Default db' pulldown, select the database our product will access
   • Click OK to save and exit
2. Create new account for your Wavecrest product to access the SQL Server. You need to set up another account for the product to communicate with your SQL Server database:
   • In 'SQL Server Management (Studio)', expand 'Databases' folder
   • Expand the database that the Wavecrest product will access
   • Expand the Security folder
   • Right-click the Users folder, click 'New User'
   • Type in the same user and login name (example: wavecrest) *we recommend using the same credentials that you created earlier
   • Select dbo as the Default Schema.  Use the browse buttons to find the checkbox for dbo, select it, then click OK to save.
   • For 'Database Role Membership' (bottom section of the page) check the following checkboxes:
     • dbdatareader
   • dbdatawriter
   • Click OK to save and exit
3. Proceed with configuration in your Wavecrest product.

 

---

Cyfin Reporter is installed on a server other than Forefront TMG ("off-box")

 

---

Logfile Setup

If Cyfin is installed "off-box", the logfiles need to be transferred to the Cyfin box or put into a suitable location where Cyfin can read them.  This can be done in a few ways:

• Copy the logfiles to the Cyfin machine's local drive (this is what we recommend for best network performance).  To automate this process, you can create a script to copy the logs over at a specific time each day.
• FTP the logs over to the Cyfin machine's local drive.   Again, this process can also be automated with scripts.
• Have the logfiles reside on a network drive.  NOTE:  Cyfin cannot browse the network.  For this logfile option to be successful, two things must be true: 
  • The network drive must be mounted on the network
  • The Cyfin Service logon account needs to be a domain account with administrative rights

Please see the section above for information about logfile setup, keeping in mind that the directory path for logfiles will be different for an "off-box" solution.

NOTE: Now that SQL 2008 Express is installed, we need to configure the Network options that are disabled by default.

1. In the Start Menu, open Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL Server Surface Area Configuration
2. In the Surface Area Configuration utility, click the link "SQL Server Configuration Manager"
3. Expand "SQL Server Network Configuration" and select Protocols.
4. Enable TCP/IP. If you need Named Pipes, then you can enable them here as well.
5. Close the SQL Server Configuration Manager.
   

---

Configuration Notes

Please see important information about Web proxy logging for Forefront TMG in the configuration notes above.

Please see the above section for recommended information about how to configure Integrated authentication for outbound Web requests.