Forefront Unified Access Gateway

Applies To: Forefront Unified Access Gateway 2010 and later.

Overview

Forefront UAG as a DirectAccess server, to provide a seamless connection to internal resources for client devices that are running as DirectAccess clients. Client requests are securely directed to the internal network, without requiring a VPN connection. Forefront UAG DirectAccess extends the benefits of Windows DirectAccess by providing scalability, access to IPv4 resources, and simplified deployment.

Forefront Unified Access Gateway can be configured to send the events to EventTracker Enterprise by deploying agent.

With EventTracker Enterprise, organizations have complete visibility into their IT infrastructure. Know what’s happening now, what happened previously, what changed, and be compliant. EventTracker offers a high-level view, but allows you to drill down to the most granular level and provide you with the information you need – whether you are in charge of overall implementation, security, and compliance, or focused on the details of the events of specific devices.

Forefront Unified Access Gateway Logging

EventTracker Knowledge Pack for Forefront Unified Access Gateway allows you to monitor following:-

• Monitoring IP helper service settings.
• Monitoring new control connection initiated in clientapp.
• Monitoring OTP certificate activity
• Monitoring network activity.
• Monitoring user login activity.
• Monitoring services

Once events are received in to EventTracker, Alerts and reports can be configured into EventTracker.

Some of the Knowledge Packs available in EventTracker are listed below. For more information please refer Integration Guide.

Categories and Reports:-

• Forefront UAG: Certificate activation failed - This category based report provides information related to certificate activation failed.
• Forefront UAG: Certificate cannot be installed - This category based report provides information related to certificate cannot be installed.
• Forefront UAG: Certificate requested - This category based report provides information related to certificate requested.
• Forefront UAG: Configuration changes - This category based report provides information related to configuration changes.
• Forefront UAG: Connection established - This category based report provides information related to connection established.
• Forefront UAG: DNS service restarted - This category based report provides information related to DNS service restarted.
• Forefront UAG: Filter shutdown - This category based report provides information related to filter shutdown.
• Forefront UAG: Filter startup - This category based report provides information related to filter startup.
• Forefront UAG: IP helper service error - This category based report provides information related to IP helper service error.
• Forefront UAG: KCD protocol transition failed - This category based report provides information related to KCD protocol transition failed.
• Forefront UAG: Network configuration error - This category based report provides information related to network configuration error.
• Forefront UAG: Network interface cannot disable - This category based report provides information related to network interface cannot disable.
• Forefront UAG: Network interface cannot enable - This category based report provides information related to network interface cannot enable.
• Forefront UAG: OTP certificate cannot be enrolled - This category based report provides information related to OTP certificate cannot be enrolled.
• Forefront UAG: OTP certificates cannot be deleted - This category based report provides information related to OTP certificates cannot be deleted.
• Forefront UAG: OTP configuration error - This category based report provides information related to OTP configuration error.
• Forefront UAG: Remote user request denied - This category based report provides information related to remote user request denied.
• Forefront UAG: Restricted URL access denied - This category based report provides information related to restricted URL access denied.
• Forefront UAG: Service down - This category based report provides information related to service down.
• Forefront UAG: Service up - This category based report provides information related to service up.
• Forefront UAG: Timeout error - This category based report provides information related to timeout error.
• Forefront UAG: Unable to send message - This category based report provides information related to unable to send message.
• Forefront UAG: Unable to start application - This category based report provides information related to unable to start application.
• Forefront UAG: URL changed - This category based report provides information related to URL changed.
• Forefront UAG: URL path not allowed - This category based report provides information related to URL path not allowed.
• Forefront UAG: User login failed - This category based report provides information related to user login failed.
• Forefront UAG: User login successful - This category based report provides information related to user login successful.
• Forefront UAG: User request denied - This category based report provides information related to user request denied.

Alerts:-

• Forefront UAG: Certificate activation failed - This alert is generated when certificate activation failed.
• Forefront UAG: Configuration changes - This alert is generated when configuration changes event occurs.
• Forefront UAG: IP helper service error - This alert is generated when IP helper service error event occurs.
• Forefront UAG: Network configuration error - This alert is generated when network configuration error event occurs.
• Forefront UAG: OTP configuration error - This alert is generated when OTP configuration error event occurs.
• Forefront UAG: User login failed - This alert is generated when user login failed.

Scope

The configuration details are consistent with EventTracker Enterprise version 7.X and later, and Forefront Unified Access Gateway 2010 and later.

Documentation:

For more information please refer the Integration guide