Hi Idan, This has been a known issues on the ISA Server message boards and by me for at least three years. What I don't understand is why someone would configure multiple external interfaces in this fashion, since its an unsupported configuration. You can search Usenet and this mailing list, as well as the ISAserver.org message boards for "multiple external interfaces" and you'll see NO NO NO NO NO. Why in the world would you have two NICs on the same network segment and have one for inbound and one for outbound? OK, NLB scenarios, in which case you might want to consider a real NLB solution like RainWall :-) However, why am I concerned about spoof detection? The spoofed packets are blocked anyhow, so what value is there to me knowing about it? I get hundreds, thousands, tens of thousands of exploit packets send to my whimpy T1 and DSL connections here at my office. For the enterprise, they get millions of these exploits. Do you think they have time to work up every exploit packet hitting the edge firewall? They don't have the time, nor do they need to spend the time. Sure, it would be nice if the spoof detection feature didn't act this way, but I don't see it as a signifcant, or even minor problem. It would be a problem if I needed this information and if the lack of this information had a deleterious effect, but I don't see how it does. If you see a spoof detected on the external interface of your ISA firewall, what are you going to do about it? Contact the ISP of the sender? ;-) Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Idan Plotnik [mailto:idan@xxxxxxxxxxxxxxx] Sent: Friday, May 07, 2004 6:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Server is not a Firewall !!! http://www.kbalertz.com/Feedback_832659.aspx http://www.ISAserver.org Hi Thomas, Yesterday I came back from TechEd in Israel, I believe in the way Microsoft works and I am working a lot with Microsoft products, in additional I am doing some works for Microsoft, but this issue is not relevant to my work, I mean that this kind of Bugs must be discover before the product is going in to the market and not after 2 or 3 years!!! Don't you agree with me? Tell me something else, do you think it reasonable to disable the IP Spoof Detection option on a FIREWALL???!!!!???!!!! To enable another function to work properly???? And by the way!!! A good Firewall must include a good router functions!!! It's not a separate function, When I read your line "but since you've confused firewalls with routers" I laugh because it's not a good way of thinking!!! There are a lot of people that thinks that Firewall just blocks ports or protocols and it's not true Thanks and have a good day. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Friday, May 07, 2004 1:00 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Server is not a Firewall !!! http://www.kbalertz.com/Feedback_832659.aspx http://www.ISAserver.org Hi Idan, It's a good thing no other firewalls have any issues :-\ This is the first time I've done this on this list, but since you've confused firewalls with routers, I have to say PLONK. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Idan Plotnik [mailto:idan@xxxxxxxxxxxxxxx] Sent: Friday, May 07, 2004 5:57 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA Server is not a Firewall !!! http://www.kbalertz.com/Feedback_832659.aspx http://www.ISAserver.org Hi all, I don't know if I need to laugh or to cry about this!!! This issue closed my opinion about ISA 2000, and my opinion about ISA 2000 is that its not a firewall !!! Someone has sometnig to say about this ? 832659 - The IP Spoof Detection feature in ISA Server 2000 may drop legal packets on systems that have multiple external interfaces Thanx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: idan@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')