Why ProxyInspector is better than built-in Forefront TMG reports.

All articles

A question that users often ask is “Why is ProxyInspector better than built-in Microsoft Forefront Threat Management Gateway 2010 (or Microsoft ISA Server 2004/2006) reports?”. We tried to gather the most important differences in this document, so here they are:

1. To work with standard Forefront TMG reports, you need to use the MSDE format for log files. We have already listed its disadvantages here. ProxyInspector supports both MSDE and w3c, a text-based format of log files that can be processed by the program a lot faster.

2. Fixed report structure in Forefront TMG. In essence, it’s one big report with fixed sections. You cannot create a report for a site, a search phrase or another entity. You cannot add or remove a section. Report creation and modification is controlled via the Forefront TMG control panel (or by schedule) and reports can only be viewed in a browser.

3. Drilldown is impossible. Built-in Forefront TMG reports allow you to view lists of the most active users or the most frequently visited websites, but you cannot create a report showing which users visited which sites or which sites a specific user has been to. With ProxyInspector, this is not a problem - you can create flexible drill-down reports for any report element.

4. Limitations on report distribution and viewing. Forefront TMG reports can only be saved in the HTML format. The software doesn’t support any additional formats, such as PDF or Excel. In addition, saved reports are only displayed correctly in Internet Explorer, whereas other popular browsers (Opera, Chrome, etc) render them incorrectly. ProxyInspector allows you to save reports in HTML, MHT, PDF and Excel formats and doesn’t have the browser incompatibility issue.

5. You cannot group sites and delete subdomains. This results in a bulk of sites like www1.yandex.ru www2.yandex.ru www3.yandex.ru and such being shown in the most popular sites report. In many cases, it makes this report a lot less informative. ProxyInspector can show such sites as a single site, which is yandex.ru in our example.

6. Forefront TMG reports do not support aliases, grouping, filtering, reports by user groups, firewall rules and subnetworks. ProxyInspector supports aliases for users, sites and IP addresses, as well as filtering when importing data for users, sites and IP addresses. You can also generate full-fledged reports by user groups, subnetworks and firewall rules (only in the Enterprise version).

7. The Forefront TMG reports engine does not have an IP address conversion option. In certain cases (always for firewall log files), log files contain IP addresses instead of site URL’s, and this function allows you to partially restore the names of visited sites using reverse DNS lookup.

8. Report by downloaded files. This report available in ProxyInspector allows you to see the full names and sizes of large downloads made by users, as well as timestamps of these files. The integrated set of filters lets you define the parameters of files that should be included in the report.

Downloaded files report example

9. Report by search phrases. Allows you to see what kind of information users look for in search engines. The report is available in the Enterprise version of ProxyInspector only.

Search queries report example

10. Forefront TMG has extremely limited options for configuring the appearance of your reports. You can only specify a column to be used for sorting and the number of rows in a report. You cannot change the type and appearance of charts.

Tags: TMG, ISA, report, ProxyInspector