This Rule generates alerts when An enterprise network is not included in an array level network
An enterprise network is not included in an array-level network. As a result, packets from this enterprise network will be considered spoofed and dropped. This may also result in loss of connectivity.
The name of the enterprise network, as well as the IP address ranges from which packets may be dropped can be found in the alert's description.
When TMG Server receives a request from an IP address that is part of an enterprise network, but is not part of any array-level network, it treats the request as an attempt to spoof a protected IP address and the packet is dropped.
To resolve this issue, include the enterprise network in the appropriate array network.
Target | Microsoft.Forefront.TMG.Server |
Category | EventCollection |
Enabled | True |
Alert Generate | False |
Remotable | True |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Forefront.TMG.Rule.AlertGenerate.DS | Default |
WA | WriteAction | Microsoft.Forefront.TMG.Rule.AlertGenerate.WA | Default |
<Rule ID="Microsoft.Forefront.TMG.An_enterprise_network_is_not_included_in_an_array_level_network.Rule" Enabled="true" Target="Microsoft.Forefront.TMG.Server" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.DS">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<EventsPattern>^(21264)$</EventsPattern>
<EventType>1</EventType>
<SourcePattern>Microsoft Forefront TMG Firewall</SourcePattern>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.WA">
<AlertMessageId>$MPElement[Name="Microsoft.Forefront.TMG.An_enterprise_network_is_not_included_in_an_array_level_network.AlertMessage"]$</AlertMessageId>
<DomainName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
<Priority>1</Priority>
<Severity>2</Severity>
</WriteAction>
</WriteActions>
</Rule>