This Rule generates alerts when A network that is load balanced has a Virtual IP but this Virtual IP belongs to another network
The Firewall service generates this alert when it detects that the Virtual IP (VIP) configured for one network belongs to the range of another network.
The VIP chosen for the load-balanced network should belong to the address range of this network.
NLB is not functional if this error occurs, but the traffic may not pass through ISA Server as expected.
The Firewall service may encounter the illegal configuration describe above for one of the following reasons:
A network is configured to use a VIP which belongs to the address range of another network.
Change the VIP to an address in the range of the configured network.
Target | Microsoft.ISAServer.2006.NLB.ServerRole |
Category | EventCollection |
Enabled | True |
Alert Generate | False |
Remotable | True |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.ISAServer.2006.Rule.AlertGenerate.DS | Default |
WA | WriteAction | Microsoft.ISAServer.2006.Rule.AlertGenerate.WA | Default |
<Rule ID="Microsoft.ISAServer.2006.A_network_that_is_load_balanced_has_a_Virtual_IP_but_this_Virtual_IP_belongs_to_another_network.Rule" Enabled="onEssentialMonitoring" Target="Microsoft.ISAServer.2006.NLB.ServerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.DS">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<EventsPattern>^(21234)$</EventsPattern>
<EventType>1</EventType>
<SourcePattern>[Microsoft Firewall]|[Microsoft ISA Server Control]</SourcePattern>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.WA">
<AlertMessageId>$MPElement[Name="Microsoft.ISAServer.2006.A_network_that_is_load_balanced_has_a_Virtual_IP_but_this_Virtual_IP_belongs_to_another_network.AlertMessage"]$</AlertMessageId>
<DomainName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
<Priority>1</Priority>
<Severity>2</Severity>
</WriteAction>
</WriteActions>
</Rule>