▲
使用ISP-R要特别注意DNS服务器的配置。ISP-R检测链路状态的方法是通过被检测链路随机访问DNS根服务器,如果访问成功,链路状态就是健康的;如果一连三次访问失败,TMG会把链路状态标注为不可用。如果你不想让TMG检测DNS根服务器,希望TMG检测一个国内的DNS服务器,你可以参考下列脚本进行修改。还有一点要注意的是,ISP-R只对NAT数据有效。也就是说,ISP-R对TMG本地主机是不起作用的。如果你希望TMG服务器通过电信的ISP链路访问电信的DNS服务器,通过网通的ISP链路访问网通的DNS服务器,你需要使用route add命令写静态路由。
Configuring verification of link status
In the default setting, TMG checks the status of the ISP link by trying to establish a TCP connection on port 53 (DNS zone transfer) to a list* of root DNS server on a round robin basis. If a connection can be established, TMG will consider the link active.
Although, the IP addresses and the TCP port used for the verification cannot be configured directly from the management console, If you need to modify these settings, e.g. because you setup your TMG server without direct access to the internet, you can do this by using the TMG COM, through simple Visual Basic script like this one:
Note: Please take an export of TMG configuration prior to running the script. To get the original behavior you need to import the original configuration
‘ ==================================================================
‘ we need to get the ISP Redundancy configuration object first:
set oRoot = CreateObject(“FPC.Root”)
set oArray = oRoot.GetContainingArray()
set oExternalNetwork = oArray.NetworkConfiguration.Networks(“External”)
set oISPRCfg = oExternalNetwork.ISPRedundancyConfig
‘ ===================================================================
‘ if you want to remove the complete list of connectivity verification
‘addresses:
oISPRCfg.ConnectivityVerificationRemoteIpAddresses.RemoveAll()
‘ To add a new address (in this case 192.168.1.1) to check the connectivity:
oISPRCfg.ConnectivityVerificationRemoteIpAddresses.Add “192.168.1.1”
‘ To change the TCP port for connectivity verification (default: 53)
oISPRCfg.ConnectivityVerificationRemotePort = 53
‘ To save the changes
oISPRCfg.Save 2、监控
TMG的报表功能得到了增强,我们可以在TMG中针对重要用户输出单独的访问报表。如下图所示,我们可以在TMG中创建用户活动报告,访问报告中将输出用户的访问内容,访问时间,访问类别等参数。我们既可以输出单个用户的访问报告,也可以针对多个用户进行输出。(图3)