Actual Inbound Bandwidth

No

Measures the actual inbound
bandwidth.

Actual Outbound Bandwidth

No

Measures the actual outbound
bandwidth.

Assigned Connections

No

Tracks the number of connections
with an assigned bandwidth
priority. Connections
with assigned bandwidth priorities
have higher precedence
than those without assigned
priorities.

Assigned Inbound Bandwidth

No

Tracks the assigned inbound
bandwidth

Assigned Outbound Bandwidth

No

Tracks the assigned outbound
bandwidth.

Active Refresh Bytes Rate (KB/
Sec)

No

Measures the rate at which
bytes of data are retrieved
from the Internet to actively
refresh popular URLs in the
cache. This relates to the configuration
set for active caching.

Active URL Refresh Rate (URL/
Sec)

No

Measures the rate at which
popular cached URLs are
actively refreshed from the
Internet. This relates to the
configuration set for active
caching.

Disk Bytes Retrieved Rate(KB/
sec)

Yes

Measures that rate at which
"bytes of data" are retrieved
from the disk cache. This
counter is similar to Disk URL
Retrieve Rate but monitors
bytes rather than URLs.

Disk Cache Allocated Space(KB)

Yes

Measures how much space is
being used by the disk cache.
It will be equal to or less than
the amount configured for the
disk cache.

Disk Content Write Rate (Writes/
Sec)

No

Measures the number of writes
per second to the disk cache
for the purpose of writing URL
content to the cache disk.

Disk Failure Rate (Fail/Sec)

No

Measures the number of input/
output (I/O) failures per second.
An I/O failure occurs
when ISA Server fails to read
from or write to the disk
cache. This counter, together
with Total Disk Failures, provides
a clear indication of

Disk URL Retrieve Rate (URL/
Sec)

No

Measures how many URLs are
sent to clients from the disk
cache in one second. This is a
useful counter to measure at
peak and offpeak times to
check how the disk cache is
performing. It can be compared
with Memory URL
Retrieve Rate to see how
cache disk and memory are
being utilized.

Max URLs Cached

No

Measures the maximum number
of URLs that have been
stored in the cache.

Memory Bytes Retrieved
Rate(KB/Sec)

Yes

Measures the rate at which
bytes of data are retrieved
from the memory cache. This
counter is similar to Memory
URL Retrieve Rate but monitors
bytes rather than URLs.

Memory Cache Allocated
Space(KB)

Yes

Measures how much space is
being used by the memory
cache. It should be equal to or
less than the amount configured
for the memory cache.

Memory URL Retrieve Rate (URL/
Sec)

No

Measures how many URLs are
sent to clients from the memory
cache in one second. This
is a useful counter to measure
at peak and offpeak times, to
check how the memory cache
is performing and whether
available memory allocated for
caching purposes is being
used efficiently.

Memory Usage Ratio Percent (%)

Yes

Shows the ratio between the
amount of cache fetches from
the memory cache in a percentage
and the amount of
cache fetches in total. A high
percentage may indicate that
it is worthwhile allocating
more available memory
resources to the cache. A low
counter may indicate that
memory resources may be
better used elsewhere.

Total Actively Refreshed URLs

No

Displays the cumulative number
of popular URLs in the
cache that have been actively
refreshed from the Internet.
This counter provides an indication
of active caching performance.

Total Bytes Actively Refreshed
(KB)

No

Displays the total number of
bytes that have been retrieved
from the Internet to actively
refresh popular URLs in the
cache. This counter provides
an indication of active caching
performance.

Total Disk Bytes Retrieved (KB)

No

Measures the cumulative number
of disk bytes that have
been retrieved from the disk
cache. This counter, added to
Total Memory Bytes Retrieved
(KB), indicates the total number
of bytes retrieved from the
cache.

Total Disk Failures

No

Measures the number of times
that the Web Proxy service
failed to read from or write to
the disk cache due to an I/O
failure. A low counter indicates
that a disk is performing properly.
A high counter indicates a
cache disk that is too small,
too slow, or corrupted.

Total Disk URLs Retrieved

No

Measures the cumulative number
of URLs that have been
retrieved from the disk cache.
This counter, added to Total
Memory URLs Retrieved, indicates
the total number of URLs
retrieved from the cache.

Total Memory Bytes Retrieved
(KB)

No

Measures the cumulative number
of memory bytes that have
been retrieved from the memory
cache in response to client
requests to the cache. A low
number might indicate that
memory resources dedicated
to the cache are not being
used efficiently. A high number
might indicate that more
memory resources should be
allocated to the cache.

Total Memory URLs Retrieved

No

Measures the cumulative number
of URLs that have been
retrieved from the memory
cache in response to client
requests to the cache. A low
number might indicate that
memory resources dedicated
to the cache are not being
used efficiently. A high number
might indicate that more
memory resources should be
allocated to the cache.

Total URLs Cached

No

Measures the cumulative number
of URLs that have been
stored in the cache. If this
counter and URLs in Cache is
low, it may indicate a problem
with the cache. The cache may
not be configured for optimal
use or the cache size may be
too small.

URL Commit Rate (URL/Sec)

No

Indicates the speed at which
URLs are being written to the
cache. If rate of this counter is
comparable to the rate of Disk
Failure Rate(Fail/Sec), it indicates
that a high proportion of
attempts to write to the cache
are failing. This could indicate
a problem with cache configuration,
a cache disk that is too
slow, or a cache size that is
too small.

URLs in Cache

Yes

Measures the current number
of URLs in the cache.

Accepting TCP Connections

No

Number of connection objects
that wait for a TCP connection
from Firewall clients.

Active Sessions

Yes

The number of active sessions
for the Firewall service.

Active TCP Connections

Yes

The total number of active TCP
connections currently passing
data. Connections pending or
not yet established are
counted elsewhere.

Active UDP Connections

Yes

Total number of active UDP
connections.

Available Worker Threads

Yes

The number of Firewall worker
threads that are available or
waiting in the completion port
queue.

Back-connecting TCP Connections

No

Total number of TCP connections
awaiting an inbound connect
call to complete. These
are connections placed by the
Firewall service to a client
after the Firewall service
accepts a connection from the
Internet on a listening socket.

Bytes Read/sec

Yes

Number of bytes read by the
data-pump per second.

Bytes Written/sec

No

Number of bytes written by
the data-pump per second.

Connecting TCP Connections

No

Total number of TCP connections
pending. These are connections
awaiting completion
between the Firewall service
and remote computers.

DNS Cache Entries

No

The current number of DNS
domain name entries cached
as a result of Firewall service
activity.

DNS Cache Flushes

No

The total number of times that
the DNS domain name cache
has been flushed or cleared by
the Firewall service.

DNS Cache Hits

No

The total number of times a
DNS domain name was found
within the DNS cache by the
Firewall service.

DNS Cache Hits %

No

The percentage of DNS
domain names serviced by the
DNS cache, from the total of
all DNS entries that have been
retrieved by the Firewall service.

DNS Retrievals

No

The total number of DNS
domain names that have been
retrieved by the Firewall service.

Failed DNS Resolutions

No

Number of gethostbyname
and gethostbyaddr application
programming interface (API)
calls that have failed. These
are calls used to resolve host
DNS domain names and IP
addresses for Firewall service
connections.

Kernel Mode Data Pumps

Yes

The number of Kernel mode
data pumps created by the
Firewall service.

Listening TCP Connections

No

Number of connection objects
that wait for TCP connections
from remote Internet computers.

Non-connected UDP mappings

No

The number of mappings
available for UDP connections.

Pending DNS Resolutions

No

Number of gethostbyname
and gethostbyaddr API calls
pending resolution. These are
calls used to resolve host DNS
domain names and IP
addresses for Firewall service
connections.

SecureNAT Mappings

Yes

The number of mappings created
by SecureNAT.

Successful DNS Resolutions

No

Number of gethostbyname
and gethostbyaddr API calls
successfully returned. These
are calls used to resolve host
DNS domain names and IP
addresses for Firewall service
connections.

TCP Bytes Transferred/sec by
Kernel Mode Data Pump

No

The number of TCP bytes
transferred by the Kernel
mode data-pump per second.

UDP Bytes Transferred/sec by
Kernel mode Data Pump

No

The number of UDP bytes
transferred by the Kernel
mode data-pump per second.

Worker Threads

Yes

The number of Firewall worker
threads that are currently
active.

Packets Dropped Due to Filter
Denial

No

This counter tracks the total
number of packets dropped
because dynamic packet filtering
rejected the data. Dropped
packets counted here are any
packets which are not covered
by Packets Dropped Due to
Protocol Violations. In other
words, this counter represents
packets dropped
because of the default "deny-
all" policy in ISA Server. The
only exceptions aRE where
exception filters have been
set, explicitly allowing these
packets through.

Packets Dropped Due to Protocol
Violations

No

This counter represents the
total number of packets
dropped as a result of a protocol
anomaly. These are packets
dropped due to reasons
other than the default filtering
rules. For example, if you have
chosen to implement packet
filtering of IP fragments, or
you have enabled intrusion
detection, packets dropped
because of these configuration
choices will increment this
counter.

Total Dropped Packets

Yes

This counter represents the
total number of dropped or filtered
packets, regardless of
why they have been dropped
or filtered.

Total incoming connections

No

The total number of connections
made through the filtered
interfaces.

Total Lost Logging Packets

No

The total number of dropped
packets that cannot be logged.

Array Bytes Received/Sec (Enterprise)

No

Tracks the rate at which data
bytes are received from other
ISA Server computers within
the same array.

Array Bytes Sent/Sec (Enterprise)

No

Tracks the rate at which data
bytes are sent to other ISA
Server computers within the
same array.

Array Bytes Total/Sec (Enterprise)

No

Represents the sum of Array
Bytes Sent/Sec and Array
Bytes Received/Sec.This is the
total rate for all data bytes
transferred between the ISA
Server computer and other
members of the same array.

Cache Hit Ratio %

Yes

Determines how many Web
Proxy client requests have
been served using cached data
(Total Cache Fetches), as a
percentage of the total number
of successful Web Proxy
client requests to the ISA
Server computer (Total Successful
Requests). Its value
gives a good indication of the
effectiveness of the cache. A
high counter indicates that a
high level of requests are
being serviced from the cache,
meaning faster response
times. A zero counter indicates
that caching is not enabled. A
low counter may indicate a
configuration problem. The
cache size may be too small,
or requests may not be cacheable.

Cache Running Hit Ratio (%)

Yes

Measures the amount of
requests served from the
cache as a percentage of total
successful requests serviced.
This ratio is the same as that
measured by Cache Hit Ratio
(%). The difference between
these two counters is that
Cache Running Hit Ratio measures
this ratio for the last
10,000 requests serviced, and
Cache Hit Ratio measures this
ratio since the last time that
the Web Proxy service was
started. This means that
Cache Running Hit Ratio gives
a more dynamic evaluation of
cache effectiveness.

Client Bytes Received/sec

No

Indicates the rate at which
data bytes are received from
Web Proxy clients. The value
will change according to the
volume of Web Proxy client
requests, but a consistently
slow rate may indicate a delay
in servicing requests.

Client Bytes Sent/Sec

No

Measures the rate at which
data bytes are sent to Web
Proxy clients. The value will
change according to the volume
of Web Proxy client
requests, but a consistently
slow rate may indicate a delay
in servicing requests.

Client Bytes Total/Sec

Yes

Represents the sum of Client
Bytes Sent/Sec and Client
Bytes Received/Sec. This is
the total rate for all bytes
transferred between the ISA
Server computer and Web
Proxy clients.

Current Array Fetches Average
(Milliseconds/Request)

No

Gives the mean number of
milliseconds required to service
a Web Proxy client
request that is fetched
through another array member.
This does not include
requests for services by the
Secure Sockets Layer (SSL)
tunnel.

Current Average Milliseconds/Request

Yes

Represents the mean number
of milliseconds required to
service a Web Proxy client
request, not including
requests serviced by the SSL
tunnel. This counter can be
monitored at peak and off-peak times to get a comprehensive
picture of how fast client
requests are being
serviced. A counter that is too
high might indicate that the
ISA Server is having difficulty in
handling all requests and that
requests are being delayed.

Current Cache Fetches Average(Milliseconds/Request)

No

The mean number of milliseconds
required to service a Web
Proxy client request from
cache. This does not include
requests for services by the
SSL tunnel.

Current Direct Fetches Average(Milliseconds/Request)

No

The mean number of milliseconds
required to service a Web
Proxy client request directly to
the Web server or upstream
proxy. This does not include
requests for services by the
SSL tunnel.

Current Users

Yes

Indicates how many clients
are currently running the Web
Proxy service. Monitoring this
counter at both peak and off-
peak times provides a good
indication of server usage. The
configuration setting for maximum
Web request connections
influences this value. This
counter may also be useful if
you need to temporarily stop
ISA Server services.

DNS Cache Entries

No

Details the current number of
DNS domain name entries
cached by the Web Proxy service.
A high counter suggests
a beneficial impact on performance,
since a DNS cache
entry eliminates the need for a
DNS lookup, saving system
resources.

DNS Cache Flushes

No

Details the total number of
times that the DNS domain
name cache has been flushed
or cleared by the Web Proxy
service. When there is no
room left for more data in the
DNS cache, the DNS cache is
flushed to allow new entries to
be made.

DNS Cache Hits

No

Tracks the total number of
times a DNS domain name
was found within the DNS
cache by the Web Proxy service.
This counter can be compared
with previous DNS
counters to find out if DNS
caching is working efficiently.
A low number of DNS cache
hits impacts performance, as
every DNS lookup slows performance
down, particularly if
a problem arises in the lookup
process.

DNS Cache Hits %

No

Determines how many DNS
entries have been resolved
using cached data (DNS cache
hits), as a percentage of the
total number of DNS domain
names retrieved by the Web
Proxy service (DNS retrievals).
A high counter means better
performance as the DNS data
is served from the cache,
rather than incurring the overhead
of resolving DNS lookups.

DNS Retrievals

No

Represents the total number
of DNS domain names that
have been retrieved by the
Web Proxy service.

Failing Requests/Sec

No

Monitors the rate per second
that Web Proxy client requests
that have completed with
some type of error. This
counter can be compared with
Requests/Sec to give an indication
of how well ISA Server
is servicing incoming Web
requests. A high failure rate,
in comparison to the rate of
incoming requests, suggests
that ISA Server is having difficulty
in coping with all incoming
requests. Connection
settings for incoming Web
requests may be incorrectly
configured, or connection
bandwidth may be insufficient.

FTP Requests

No

Tracks the number of FTP
requests that have been made
to the Web Proxy service. A
consistently low counter may
influence the caching policy for
FTP objects.

Gopher Requests

No

Tracks the number of Gopher
requests that have been made
to the Web Proxy service.

HTTP Requests

No

Tracks the number of HTTP
requests that have been made
to the Web Proxy service.

HTTPS Sessions

No

Represents the total number
of HTTPS secured sessions
serviced by the SSL tunnel.

Maximum Users

No

Tracks the maximum number
of users that have connected
to the Web Proxy service
simultaneously. This counter
can be useful for determining
load usage and license
requirements.

Requests/Sec

Yes

Monitors the rate of incoming
requests that have been made
to the Web Proxy service. A
higher value means that more
ISA Server resources will be
required to service incoming
requests.

Reverse Bytes Received/sec

No

Monitors the rate at which
data bytes are received by the
Web Proxy service from Web
publishing servers in response
to incoming requests. This
rate can be monitored at peak
and off-peak times as an indication
of how ISA Server is
performing in servicing incoming
Web requests.

Reverse Bytes Sent/sec

No

Monitors the rate at which
data bytes are sent by the
Web Proxy service to Web
publishing servers in response
to incoming requests. This
rate can be monitored at peak
and off-peak times as an indication
of how ISA Server is
performing in servicing incoming
Web requests.

Reverse Bytes Total/sec

No

Represents the total sum of
Reverse Bytes Sent/Sec and
Reverse Bytes Received/Sec.
This is the total rate for all
bytes transferred between the
Web Proxy service and Web
publishing servers in response
to incoming requests.

Site Access Denied

No

Tracks the total number of
Internet sites to which the
Web Proxy service has denied
access. An excessively high
number might indicate a
access policy that is too
restrictive.

Site Access Granted

No

Tracks the total number of
Internet sites to which the
Web Proxy service has granted
access. This can be compared
with Site Access Denied to
give a numeric summary of
the results of access policy
configuration.

SNEWS Sessions

No

Represents the total number
of SNEWS sessions serviced
by the SSL tunnel.

SSL Client Bytes Received/Sec

No

Measures the rate at which
SSL data bytes are received by
the Web Proxy service from
secured Web Proxy clients.
Similar to Client Bytes
Recieved/Sec, but counts only
SSL requests.

SSL Client Bytes Sent/Sec

No

Measures the rate at which
SSL data bytes are sent by the
Web Proxy service to secured
Web Proxy clients. Similar to
Client Bytes "Sent"/Sec, but
counts only SSL requests.

SSL Client Bytes Total/Sec

No

Represents the sum of SSL Client
Bytes Sent/Sec and SSL
Client Bytes Received/Sec.
This is the total rate for all
bytes transferred between the
Web Proxy service and SSL clients.

Thread Pool Active Sessions

No

Represents the number of sessions
being actively serviced
by thread pool threads.

Thread Pool Failures

No

Represents the number of
requests rejected because the
thread pool was full.

Thread Pool Size

No

Represents the number of
threads in the thread pool.
This thread pool represents
the resources available to service
client requests.

Total Array Fetches (Enterprise)

No

Totals the number of Web
Proxy client requests that have
been served by requesting the
data from another ISA Server
within this array. These
requests are the result of the
Cache Array Routing Protocol
(CARP) algorithm, which randomly
stores objects in any
one of the member servers
cache. This counter is influenced
by the cache size for
each ISA Server in the array,
since a server with a larger
cache holds more cache items.
The load factor for each server
can also be configured, to
determine how workload is
divided amongst array members.

Total Cache Fetches

No

Monitors the total number of
Web Proxy client requests that
have been served by using
cached data. A high number
indicates a cache being fully
exploited.

Total Failed Requests

No

Represents the total number
of requests that have failed to
be processed by the Web
Proxy service due to errors.
Errors can be the result of the
Web Proxy service failing to
locate a requested server URL
on the Internet or because the
client did not have authorized
access to the requested URL.
This counter should be far
lower than Total Successful
Requests. If it is not, it is an
indication that ISA Server is
failing to service requests
effectively. This could be a
configuration problem, or a
connection that is too slow. It
could also indicate an access
policy that is too restrictive.

Total Pending Connects

No

The total number of pending
connections to the Web Proxy
service.

Total Requests

No

Represents the total number
of requests that have been
made to the Web Proxy service.
It is the total of two other
counters, Total Successful
Requests and Total Failed
Requests.

Total Reverse Fetches

No

Represents the total number
of incoming requests that have
been served by requesting the
data from Web publishing
servers.

Total SSL Sessions

No

Represents the total number
of SSL sessions serviced by
the SSL tunnel.

Total Successful Requests

No

Represents the total number
of requests that have been
successfully processed by the
Web Proxy service. This
counter can be compared with
Total Requests and Total Failed
Requests to indicate the effectiveness
of ISA Server in servicing
requests.

Total Upstream Fetches

No

Tracks the total number of
requests that have been
served by using data from the
Internet or from a chained
proxy computer. This counter
can be compared to Total
Cache Fetches to see what
proportion of requests are
being serviced from remote
servers on the Internet or
upstream proxies, compared
with those being serviced from
the cache.

Total Users

No

Represents the total number
of users that have ever connected
to the Web Proxy service.
It represents a history of
past server usage.

Unknown SSL Sessions

No

Represents the total number
of unknown SSL sessions serviced
by the SSL tunnel.

Upstream Bytes Received/Sec

No

Indicates the rate at which
data bytes are received by the
Web Proxy service from
remote servers on the Internet
or from a chained proxy computer
in response to requests
from the Web Proxy service.
The value of this counter
depends to some extent on
the connection bandwidth. If
the counter value is consistently
low, it may indicate a
bottleneck caused by a slow
connection. Changing the
bandwidth priority configuration
may help in this situation,
or a faster connection may be
required.

Upstream Bytes Sent/Sec

No

Indicates the rate at which
data bytes are sent by the
Web Proxy service to remote
servers on the Internet or to a
chained proxy computer. The
value of this counter depends
to some extent on the connection
bandwidth. If the counter
value is consistently low, it
may indicate a bottleneck
caused by a slow connection.
Changing the bandwidth priority
configuration may help in
this situation, or a faster connection
may be required.

Upstream Bytes Total/Sec

No

The sum of Upstream Bytes
Sent/Sec and Upstream Bytes
Received/Sec. It represents
the total rate for all bytes
transferred between the Web
Proxy service and remote
servers on the Internet or a
chained proxy server.

Active H.323 Calls

No

The number of H.323 calls that
are currently active.

Total H.323 Calls

No

The total number of H.323
calls handled by the H.323 filter
since the ISA Server computer
was started

Active Connections

No

The total number of active
connections currently passing
data. Connections pending or
not yet established are
counted elsewhere.

Active Sessions

No

The number of active SOCKS
sessions.

Bytes Read/sec

No

Number of bytes read on all
SOCKS connections per second

Bytes Written/sec

No

Number of bytes written on all
SOCKS connections per second

Connecting Connections

No

The number of SOCKS connections
waiting for a remote
computer to connect to.

Listening Connections

No

Number of connection objects
that wait for remote computers
to connect to.

Pending DNS Resolutions

No

Number of pending name resolution
requests. These
requests resolve host DNS
names and IP addresses for
SOCKS connections.

Successful DNS Resolutions

No

Number of name resolution
requests resolved each second.
These requests resolve
host DNS names and IP
addresses for SOCKS connections.