IFPCAttackDetection::IPRoutingEnabled property
Applies to: desktop apps only
The IPRoutingEnabled property gets or sets a Boolean value that indicates whether IP routing is enabled.
This property is read/write.
Syntax
HRESULT put_IPRoutingEnabled(
VARIANT_BOOL fIPRoutingEnabled
);
HRESULT get_IPRoutingEnabled(
VARIANT_BOOL *pfIPRoutingEnabled
);
' Data type: Boolean
Property IPRoutingEnabled( _
ByVal fIPRoutingEnabled As VARIANT_BOOL, _
ByVal pfIPRoutingEnabled As VARIANT_BOOL _
) As Boolean
Property value
Boolean value that indicates whether IP routing is enabled.
Error codes
These property methods return S_OK if the call is successful; otherwise, they return an error code.
Remarks
This property is read/write. Its value is set to True (VARIANT_TRUE in C++) during Forefront TMG setup.
When IP routing is enabled, the Forefront TMG computer acts as a router, forwarding packets from the source to the destination in kernel mode. Some filtering is performed by the driver in user mode on the traffic being forwarded. When IP routing is disabled, Forefront TMG copies each packet, and then resends it through the driver in user mode. Only the data (and not the original network packet) is sent to the destination. Although IP routing improves performance, disabling IP routing is considered more secure.
After the value of the IPRoutingEnabled property has been modified, the change must be written to persistent storage by calling the Save method, and the Microsoft Firewall service must be restarted for the change to take effect. For more information about restarting the Firewall service to apply changes, see Restarting Services After Configuration Changes.
This property cannot be set through Forefront TMG Management.
Examples
This VBScript script retrieves the value of the IPRoutingEnabled property and displays a message indicating whether IP routing is enabled. The script can then enable or disable IP routing according to the option selected by the user. This script does not include error handling.
Option Explicit
Main(WScript.Arguments)
Sub Main(args)
If(args.Count <> 1) Then
Usage()
End If
Select Case UCase(args(0))
Case "C"
EnableDisableIpRouting ""
Case "E"
EnableDisableIpRouting True
Case "D"
EnableDisableIpRouting False
Case Else
Usage()
End Select
End Sub
Sub EnableDisableIpRouting(newValue)
' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")
'Declare the array object and a Boolean.
Dim tmgArray ' An FPCArray object
Dim curValue ' A Boolean
' Get a reference to the array object.
Set tmgArray = root.GetContainingArray()
curValue = tmgArray.ArrayPolicy.AttackDetection.IPRoutingEnabled
If curValue = True Then
WScript.Echo "IP routing is enabled."
Else
WScript.Echo "IP routing is disabled."
End If
If newValue <> "" AND newValue <> curValue Then
tmgArray.ArrayPolicy.AttackDetection.IPRoutingEnabled = _
newValue
tmgArray.Save True
If newValue = True Then
WScript.Echo "IP routing has been enabled."
Else
WScript.Echo "IP routing has been disabled."
End If
End If
End Sub
Sub Usage()
WScript.Echo "Usage:" & VbCrLf _
& " CScript " & WScript.ScriptName & " {C | E | D}" & VbCrLf _
& "" & VbCrLf _
& " C - Show current status" & VbCrLf _
& " E - Enable IP routing" & VbCrLf _
& " D - Disable IP routing"
WScript.Quit
End Sub
Requirements
Minimum supported client |
Windows Vista |
Minimum supported server |
Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only) |
Version |
Forefront Threat Management Gateway (TMG) 2010 |
IDL |
Msfpccom.idl |
DLL |
Msfpccom.dll |
See also
Build date: 7/12/2010