Forefront TMG 2010 Configuration Error Alert


On a Forefront Threat Management Gateway (TMG) 2010 firewall you may encounter a Configuration Error alert like this:

The alert description states:

“The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
The following IP address ranges will be dropped as spoofed:
External:172.16.2.0-172.16.3.255;

This alert is the result of the Forefront TMG firewall’s routing table and network definition being out of sync with each other. In this example, the routing table looks like this:

However, the Forefront TMG Internal network definition looks like this:

As you can see, the Forefront TMG firewall is configured with an Internal network IP address range of 172.16.1.0/24. However, the routing table contains additional static routes that also make the 172.16.2.0/24 and 172.16.3.0/24 networks reachable.

To resolve this issue, highlight the Networking node in the navigation tree, select the Networks tab in the center window, then highlight the network that corresponds to the IP address range contained in the alert. In our example the address range 172.16.2.0-172.16.3.255 also belongs to the Internal network. Right-click the Internal network and choose properties, choose the Addresses tab, then remove all address ranges previously configured. Next, choose Add Adapter and choose the network adapter for this network.

Using this method the IP address range for this network is built using the routing table for the network interface. This is the preferred method for defining IP address ranges for Forefront TMG networks. Save the changes and apply the configuration.

For more information on configuring network interfaces for Forefront TMG 2010 firewalls, please refer to Jason Jones’ excellent documentation on the subject here:

Recommended Network Adapter Configuration for Forefront TMG Standard Edition Servers
Recommended Network Adapter Configuration for Forefront TMG Enterprise Edition Servers

 

Fonte e o titular desta informação: Richard Hicks’

Sobre Julio Vaz

I'm a results-driven IT professional on consulting for integration projects with extensive experience in the engineering, administration and support. Direct experience with customer relationships, complex problem troubleshooting, implementation, optimization, technology advisor and training deliveries. Always interested in professional growth as well as high-quality service delivery. Specialties: Office 365. Windows Intune. Windows Azure. Microsoft Windows Server and Active Directory Microsoft Exchange Server 2000/2003/2007/2010, 2013 Windows Virtualization: Hyper-V Windows server 2008, 2008 R2, 2012, 2012 R2. Microsoft Isa Server 2000, Isa Server 2004, Isa Server 2006. Microsoft Forefront TMG 2010. Microsoft Project Server 2007/2010, 2013 Microsoft SharePoint 2007/2010, 2013 Documentation of the computing environment and services. Elaboration of technical procedures. Elaboration of proposals and projects. Management and training of support staff. Implementation and maintenance of security and backup policies. Implementation, administration and migration from Microsoft . Windows NT, Windows 2000 Server, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2 Implementation and migration from Microsoft Office Communications Server 2007 Implementation and migration from Microsoft Lync Server 2010, 2013. Implementation and migration from Microsoft Exchange Server 2000, 2003 and 2007, 2010, 2013. Implementation and migration from Microsoft Isa Server 2000, 2004 and 2006, Forefront TMG Implementation Microsoft System Center 2012 R2 - SCCM, SCOM, DPM. Migration of servers and domains
Esse post foi publicado em Microsoft ForeFront TMG 2010. Bookmark o link permanente.

Deixe uma resposta

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s