An enterprise network is not included in an array level network

Microsoft.Forefront.TMG.An_enterprise_network_is_not_included_in_an_array_level_network.Rule (Rule)

This rule generates alerts when an enterprise network is not included in an array-level network.

Knowledge Base article:

Summary

An enterprise network is not included in an array-level network. As a result, packets from this enterprise network will be considered spoofed and dropped. This may also result in loss of connectivity.

The name of the enterprise network, as well as the IP address ranges from which packets may be dropped, can be found in the alert's description.

Causes

When TMG Server receives a request from an IP address that is part of an enterprise network, but is not part of any array-level network, it treats the request as an attempt to spoof a protected IP address and the packet is dropped.

Resolutions

To resolve this issue, include the enterprise network in the appropriate array network.
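
To find which addresses of an enterprise network fall outside every array-level network before editing the array configuration, the coverage comparison can be done offline. This is an added example, not part of the management pack or of TMG; the network names and address ranges are constructed, and it assumes each network is available as a list of start/end IPv4 address pairs.

```python
from ipaddress import IPv4Address

def _merge(ranges):
    """Turn ("start", "end") IPv4 pairs into sorted, merged integer ranges."""
    merged = []
    for lo, hi in sorted((int(IPv4Address(a)), int(IPv4Address(b))) for a, b in ranges):
        if lo > hi:
            raise ValueError("range start is above range end")
        if merged and lo <= merged[-1][1] + 1:   # overlapping or adjacent
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged

def uncovered_ranges(enterprise_ranges, array_ranges):
    """Return the parts of the enterprise ranges that no array-level range covers."""
    covered = _merge(array_ranges)
    gaps = []
    for lo, hi in _merge(enterprise_ranges):
        cursor = lo                               # first address not yet accounted for
        for c_lo, c_hi in covered:
            if c_hi < cursor:
                continue
            if c_lo > hi:
                break
            if c_lo > cursor:
                gaps.append((cursor, c_lo - 1))
            cursor = c_hi + 1
            if cursor > hi:
                break
        if cursor <= hi:
            gaps.append((cursor, hi))
    return [(str(IPv4Address(a)), str(IPv4Address(b))) for a, b in gaps]

def audit(enterprise_networks, array_networks):
    """Map each enterprise network name to its uncovered ranges (only if any exist)."""
    all_array = [r for ranges in array_networks.values() for r in ranges]
    report = {name: uncovered_ranges(r, all_array) for name, r in enterprise_networks.items()}
    return {name: gaps for name, gaps in report.items() if gaps}

# Constructed sample data (hypothetical names and ranges).
ENTERPRISE = {"HQ": [("10.0.0.0", "10.0.3.255")],
              "Branch Offices": [("10.1.0.0", "10.1.255.255")]}
ARRAY = {"Internal": [("10.0.0.0", "10.0.3.255"), ("10.1.0.0", "10.1.127.255")],
         "Perimeter": [("192.168.50.0", "192.168.50.255")]}

if __name__ == "__main__":
    for name, gaps in audit(ENTERPRISE, ARRAY).items():
        print(name, "is missing from array-level networks:", gaps)
```

Any range reported here is one from which packets would be treated as spoofed and dropped until it is added to the appropriate array network.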

Element properties:

Target          Microsoft.Forefront.TMG.Server
Category        EventCollection
Enabled         True
Alert Generate  False
Remotable       True

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Forefront.TMG.Rule.AlertGenerate.DS Default
WA WriteAction Microsoft.Forefront.TMG.Rule.AlertGenerate.WA Default

Source Code:

<Rule ID="Microsoft.Forefront.TMG.An_enterprise_network_is_not_included_in_an_array_level_network.Rule" Enabled="true" Target="Microsoft.Forefront.TMG.Server" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.DS">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Application</LogName>
      <EventsPattern>^(21264)$</EventsPattern>
      <EventType>1</EventType>
      <SourcePattern>Microsoft Forefront TMG Firewall</SourcePattern>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="WA" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.WA">
      <AlertMessageId>$MPElement[Name="Microsoft.Forefront.TMG.An_enterprise_network_is_not_included_in_an_array_level_network.AlertMessage"]$</AlertMessageId>
      <DomainName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
      <Priority>1</Priority>
      <Severity>2</Severity>
    </WriteAction>
  </WriteActions>
</Rule>