website statistics
WFP Filter Conflict Detected Alert after installing Forefront TMG 2010 - Yuri Diogenes's Blog - Site Home - TechNet Blogs

Yuri Diogenes's Blog

Thoughts from a Senior Content Developer @ Microsoft Data Center, Devices & Enterprise Client – CSI (Enterprise Mobility Team)

WFP Filter Conflict Detected Alert after installing Forefront TMG 2010

WFP Filter Conflict Detected Alert after installing Forefront TMG 2010

  • Comments 2
  • Likes

As new folks are starting to install Forefront TMG 2010 they are finding out that right after install it they already have an alert on Forefront TMG console similar to the one below:

 

 

This behavior is documented in the Forefront TMG 2010 Release Notes and says:

 

Windows Filtering Platform error message following a computer or Forefront TMG services restart

After you restart the Forefront TMG computer or services, the following error message might be displayed:
“Forefront TMG detected Windows Filtering Platform filters that may cause policy conflicts on the server. The following providers may define filters that conflict with Forefront TMG firewall policy: Microsoft Corporation.”
If this message is displayed, disable the alert from appearing again, since it does not indicate a real conflict.

From: http://technet.microsoft.com/en-us/library/dd440976.aspx#BKMK_WindowsFilteringPlatformerrormessageafteracomputerorservicesrestart

 

As the release notes says this is an expected error message, it happens because Forefront TMG firewall engine detects filters on Windows Filtering Platform and it can be safely ignored. If you want to confirm that Forefront TMG is handling the core WFP categories you can use the netsh command below:

 

Microsoft Windows [Version 6.1.7600]

Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

 

C:\Users\administrator.CONTOSO>netsh advfirewall monitor show firewall

 

Global Settings:

----------------------------------------------------------------------

IPsec:

StrongCRLCheck                        0:Disabled

SAIdleTimeMin                         5min

DefaultExemptions                     NeighborDiscovery,DHCP

IPsecThroughNAT                       Never

AuthzUserGrp                          None

AuthzComputerGrp                      None

 

StatefulFTP                           Disable

StatefulPPTP                          Enable

 

Main Mode:

KeyLifetime                           480min,0sess

SecMethods                            DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1

ForceDH                               No

 

Categories:

BootTimeRuleCategory                  Microsoft Forefront Threat Management Gateway

FirewallRuleCategory                  Microsoft Forefront Threat Management Gateway

StealthRuleCategory                   Microsoft Forefront Threat Management Gateway

ConSecRuleRuleCategory                Windows Firewall

 

For more information on TMG integration with WFP read Chapter 1 (page 7) of the Microsoft Press Forefront TMG Administrator’s Companion book.

 

Comments
  • thanks for this, was worried about this error

  • Glad that it did help. Thanks!

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment