Uninstall TMG Packet Filter

Similar Messages

• Unable to Uninstall "TVT Packet Filter Miniport #4

  Does anyone know the purpose of the TVT Packet Filter Miniport #4 that appears in my Device Manager list under Network adapters?  The listing shows it with a yellow ! and I am unable to update the driver or uninstall it.  I get the message "Failed to uninstall the device. The device may be required to boot up the computer."
  Thanks in advance for any information. 

  This is easily fixed:
  1) Go to Control Panel, Network Connections
  2) For each Device listed, choose its Properties, then uncheck TVT Packet Filter, then click OK.
  3) Double check making certain that you have unchecked all TVT Packet Filter for each Network Device listed.
  4) Go to Control Panel, System, Device Manager.
  5) Now you can Uninstall the <yellow exclamation mark> (TVT Packet Filter missing driver) under Other Devices.
  6) If you followed the above steps correctly, this error should not recur.

• Adaptive-Firewall (af) blacklist or blockedHosts? Packet-Filter (pf)

  I have just upgraded my Mac mini Server from the latest version of OS X 10.8.5 and OS X Server 2.2.1 to OS X 10.9.3 and OS X Server 3.1.2 by turning off all server services (except Open Directory), upgrade to OS X 10.9.3 and touching up System Preferences, reboot, upgrade OS X Server 3.1.2 and run the Server app to upgrade the server's directories, files and services, and now proceeding carefully by comparing notes from my previous configuration and turning on required server services one by one.
  Now the Adaptive Firewall (af) and Packet Filter (pf) perplexes me since OS X 10.8...
  I have configured how to enable af on system boot-up based on information from Apple support documents. I understand that Event Monitor (emon) monitors the incoming IP connections (among its other functions) and if it detects abnormal behaviour from a particular IP connection, emon uses af to add the offending IP address to af's blacklist file.
  My first question is: does af itself blocks the IP connection, or does it use pf instead to do the job?
  If af uses the latter, my second question is: does af uses some internal socket/pipes to communicate with pf, or does pf uses some file from af?
  Now if pf uses some file from af, it can't be the blacklist file as the pf.anchor uses the table from /var/db/af/blockedHosts file, and it seems that the blockedHosts file is perpetually an empty file and no app or process seems to touch the file since it was created.
  The gist of my question is that the af and/or pf on my system seem not to be doing their job even though emon is detecting abnormal IP connections based on the log messages its been producing after following Apple support documents to enable Adaptive Firewall on my system.

  "The gist of my question is that the af and/or pf on my system seem not to be doing their job even though emon is detecting abnormal IP connections based on the log messages its been producing after following Apple support documents to enable Adaptive Firewall on my system."
  And when and which service use the /var/db/af/blockedHosts file?

• Having problem uninstalling TMG

  Hello community!
  I'm having issue uninstalling TMG from my server. We moved to gateway security and TMG was no longer needed.
  Today I attempted to uninstall it but it failed. Application disappeared for "Programs and Features" list and it's blocking incoming traffic. Outbound traffic flows just fine, I can get outside but incoming is blocked. I have office shares on this
  server and it's very important for me to restore connectivity.
  I tried some third party uninstallers like "Perfect Uninstaller" but no luck. TMG services are all there stopped and cant be started.
  Any advice will be highly appreciated.
  Thank you

  Hi,
  Did you remove the existing log files and cache files when removing TMG? In addition, did you reboot the server after uninstallation? If not, I recommend you to reboot the server to
  see if the issue persists.
  In addition, according to your description, it seems that TMG is no longer in Program and Features and the TMG related services are stopped, right? If so, maybe the incoming traffic
  is blocked by other firewall. You can also check the Windows firewall to see if it blocks anything or not.
  Best regards,
  Susie

• Packet Filter (PF) Status in 10.9

  Howdy Developers,
  I have couple of questions regarding the pf status in 10.9. For some reason Apple does not seem to clearly state what they are going to do with PF? I understand that this is the direction apple plans to move, so are they going to remove older firewall framework (ipfw)?
  The reason for this question is to get advice from developers regarding how our code development should proceed. My application uses ipfw (divert rule) to forward all tcp traffic to userspace. This works well in 10.9 as well. The divert rule in question is inserted to the table by my code programatically using following code.
      if ((fw_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) {
           return -1;
      bzero(&fw, sizeof(struct ip_fw));
            fw.version = IP_FW_CURRENT_API_VERSION;
            fw.fw_number = 1;
      fw.fw_prot = IPPROTO_TCP;
      fw.fw_flg = IP_FW_F_DIVERT | IP_FW_F_OUT;
      fw.fw_un.fu_divert_port = port;
      fw.fw_uar.fw_pts[0] = 80; /* Not relavent */
            fw.fw_nports = 0;
      if (setsockopt(fw_sock, IPPROTO_IP, IP_FW_ADD, &fw, sizeof(fw)) == -1) {
    return -1;
  This is prefered way for my application. Unfortunately, Apple decided to depricate this with 10.7. In 10.8 the definition of struct ip_fw is no longer found. I had to use 10.7 SDK to make this work.
  With new xcode 5.0.1, 10.7 SDK is no longer supported and this means either I run older xcode for just compiling this code and newer xcode for rest of the code. This is very ugly situation. I want to know if I shoud migrate to PF? If so how do I programatically set similar divert rule?
  Assuming there is programatical interface for PF, then would this work on 10.7, 10.8 and 10.9?
  I also see that OS X firewall uses PF in the backend. Users can enable this via preferences. Is there a way to programatically control this interface? I mean I would like to make sure the firewall is turned off when my application starts running.
  I know I asked lots of questions. I hope someone can help as there is nil documentation on what Apple wants its developers to do.
  Regards,
  Chandy

  I think your question might be better suited to the Developer forums at devforums.apple.com or the mailing lists. You might even want to open a tech support ticket.

• Packet filter problem on BM 3.8

  I have BM 3.8 on OES NetWare. After I installed I realized the public NIC
  was bad and replaced it. I found the filters were set to the wrong
  interface, and had no exceptions set. Using FILTCFG, I changed the
  interface for the filters to the new public NIC, and then had to disable
  the filters because they had no exceptions. Now, I can't connect to
  iManager on the BM server, and iMgr run from my main server does not show
  the NBM Access Management option. What can I do short of reinstalling BM?

  On Mon, 29 Jan 2007 20:03:05 GMT, Caterina Luppi <[email protected]> wrote:
  >Check this TID 10097678
  >http://www.novell.com/support/search...200%2025373104
  >
  >and see if it fixes your issue.
  Yes, it did. Thank you. Of course, I wasted a day trying to resolve a comms
  problem between servers until I finally thought to disable all of the
  filters.
  Donald Albury

• Issue with UAG/TMG communication to published SharePoint application is blocked by access policy settings

  We have a UAG/TMG server set up with SharePoint published. The UAG is also doing load balancing for the SharePoint farm. We have an MDM application that is trying to connect to our SharePoint but our SharePoint is routed through the UAG. The MDM application
  does not need to be published neither is there any component that can be accessed directly by end users. It is more of a proxy to relay content to mobile devices. It is using 443 and two other secondary ports.
  On the TMG logs, we can see requests hitting the TMG over port 443 from the MDM application server. We can also see that it is trying to be routed to our SharePoint but we get the following error in the TMG log:
  “Filter information: A request from source IP address xx.xx.xx.xx, user to trunk portal; Secure=1 for application SharePoint of type SharePoint15 failed. The endpoint device does not comply with access policy settings ([%PolicyId%]) for session [%SessionId]”
  The source IP is the internal IP of the host running the MDM application. In the UAG side, under the SharePoint publishing rule, for Access Policy Settings we have tried selecting the 'Always' option but that had no effect. It appears like there is a policy
  blocking communication to SharePoint. Does anyone have a suggestion on which policy or where the policy that is controlling this is located so that we can try to resolve this issue? Thanks.

  Looking at the UAG Web Monitor, it says that the access policy is 'Hybrid_Default_Session_Access' and the URL is /_vti_bin/Webs.asmx. 
  We can't find a 'Hybrid Default Session Access' policy. In the Endpoint Policy Settings tab, we tried using 'Always' for the Access Policy for the published SharePoint application but that did not make any difference. 

• Problems with filter exception using Network IP range

  We are using a spam filtering service for out incoming email. As such, all
  our email is directed to our SMTP server from their IP address range. We
  employ a dual firewal set up. We have a Netscreen firewall connected to the
  Internet and the Border Manager 3.8 server sits between the Netscreen and
  our internal network. On the BM server I have set up a generic proxy with a
  proxy port of 1025 to proxy the incoming email to our internal mail server.
  The Netscreen is set up to forward all SMTP (port 25) traffic to the
  BorderManager server on port 1025. Using FiltCfg I also set up a packet
  filter exception to allow traffice from the service providers network
  (Network = 104.56.144.0, Mask = 255.255.248.0) to port 1025. With this
  setup most email is received just fine. However I was getting reports of
  bounced and delayed email. Working with our service provider it was
  detemined that randomly some connections were failing. I used PktScan to
  collect packet trace infomation from our BM server. On a regular basis
  there are groups of SYN packets from the service providers email servers
  which are not receiving a response from the BM server. In some cases the BM
  server does eventuall respond with a SYN/ACK. There are also times when the
  BM server responds immediately after the first SYN. All the incoming
  connections from the service provider are currently comming in from two IP
  addresses, 104.56.144.247 and 104.56.145.247. The BM server is showing the
  same problem for both IP addresses, sometimes it responds immediatley to the
  SYN, sometimes it takes a few SYN packets before it responds, and sometimes
  the BM server never responds to the connection attempt. On a whim I added
  filter exceptions which specifed the two host IP addresses specifically
  (other than that the rules are identical to the one using the Network
  specification). After doing this the BM server is now responing immediately
  to all the incoming SMTP connection attempts from the service provider. Why
  would I be seeing this problem with the filter exception defined with a
  Network specification but not with Host specifications? Is there anything I
  can do to fix this?
  Thank you for any help provided,
  Brad Johnson

  Yes. I created 8 separate 255.255.255.0 exceptions. In viewing the packet
  trace data for the last couple of days it appears this resoloved the
  problem.
  Thanks
  Brad Johnson
  "Craig Johnson" <[email protected]> wrote in message
  news:[email protected]..
  > In article <XCo8l.13813$[email protected]>, Brad Johnson
  > wrote:
  >> Both servers are running NW 6.5 sp 6. After this problem started I
  >> applied
  >> BM38sp5_IR1, TCP681K, and wsock6o. This had no affect on the issue.
  >>
  >> If I create individual exceptions for the IP addresses I am currently
  >> receiving mail from, rather than using the range of potential addresses,
  >> the
  >> problem goes away.
  >>
  > Well, it sounds definitive enough, but I think if it were a generic issue
  > to
  > the patch level I would have heard about it from my clients who use
  > Postini
  > mail filtering service. All of the Postini-related servers have a network
  > address as a source in the filter exceptions for smtp.
  >
  > Instead of using a 255.255.248.0 mask, does it work if you set up 8
  > different
  > 255.255.255.0 exceptions?
  >
  >
  > Craig Johnson
  > Novell Support Connection SysOp
  > *** For a current patch list, tips, handy files and books on
  > BorderManager, go to http://www.craigjconsulting.com ***
  >
  >

• NPS send additional attribute Filter-ID (0xb)

  Hello
  Our environment – Active Directory forest level 2003, users dial-in properties are ignored, NPS server MS Windows 2008 R2 Enterprise Edition patched with all updates and used only
  for authentication, Watchguard VPN server XTM 510, software version 11.8.1. I want to allow access to network resources based on group membership. For example – members of domain group A have access only to servers/services A, members of group B have access
  only to servers/services B, etc. I configured watchguard server:
  https://www.watchguard.com/help/docs/wsm/XTM_11/en-US/index.html#cshid=en-US/authentication/radius_how_works_c.html
  https://www.watchguard.com/help/docs/wsm/XTM_11/en-US/index.html#en-US/authentication/radius_server_auth_about_c.html%3FTocPath%3DAuthentication|Configure%20%20RADIUS%20Server%20Authentication|_____0
  First I create global domain group VPN_SSL_IT_Admins, then I create connection request policy and network policy, both policies have the same Filter-Id parameter, which was the
  same as group name VPN_SSL_IT_Admins, then I create packet filter rules in VPN server, then I create the next domain group, next NPS policies, etc.
  During testing I’ve found very strange problem – NPS server sends back to radius client (VPN server) two Filter ID attributes (hex code 0xb) in access accept message, although
  user is member only of one group. One filter ID attribute is correct, the other is always the same as the first policy (I didn’t test which policy need to be first – connection request or network policy). When I change the order of policies in NPS the Filter
  ID attribute is also changed.
  I think this is security flaw because user has access to two network resources. As a workaround I create empty domain global group (no members), one connection request and one
  network policy in NPS, both policies were first in processing order. NPS still send two filter-id (0xb) attributes but connected user has only access to allowed network resources/services.
  I've also prepared PDF document with pictures, if anyone is interested (NPS settings and network monitor captures).
  Regards Milan

  Hi
  I did as Greg suggested (configure Filter-Id attribute only in network policy) and radius (NPS) sends only one Filter-Id attribute. Maybe this is "behavior by design"?
  I must admit - I've never understood why we need Connection Request Policies and Network Policies.
  J
  PDF file:
  http://1drv.ms/1eucHrQ
  Regards Milan

• [Solved] Packet filtering.

  Hi,
  I am looking for a convenient way to filter packets from expression in form of \x00 (for exemple) I took a look at tcpdump but couldn't find a way to do so with it and it would actually be better if I could do so without using WireShark (for memory consumption). This is for a bash script and any hint would help, should I consider coding a packet filter in bash and then filter packets from my hexadecimal pattern ? Or is there another tool I could use to do do ?
  Thank's a lot
  Last edited by sugartest (2014-07-16 12:10:25)

  You can do that with iptables using the 'string' module.
  man iptables-extentions wrote:
     string
         This modules matches a given string by using some pattern matching strategy. It requires a linux kernel >= 2.6.14.
         --algo {bm|kmp}
                Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)
         --from offset
                Set the offset from which it starts looking for any matching. If not passed, default is 0.
         --to offset
                Set the offset up to which should be scanned. That is, byte offset-1 (counting from 0) is the last one that is scanned.  If not passed, default is the packet size.
         [!] --string pattern
                Matches the given pattern.
         [!] --hex-string pattern
                Matches the given pattern in hex notation.
         Examples:
                # The string pattern can be used for simple text characters.
                iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string 'GET /index.html' -j LOG
                # The hex string pattern can be used for non-printable characters, like |0D 0A| or |0D0A|.
                iptables -p udp --dport 53 -m string --algo bm --from 40 --to 57 --hex-string '|03|www|09|netfilter|03|org|00|'

• What is the Signature in TMG?

  Hi all,
  I want to know, What is the Signature in TMG? What is the usages? And, How can i use Signature in TMG?
  Please tell me by example.
  Thank you.
  Future is mine! ^_^

  Hi,
  Are you talking about the signature in HTTP filtering? If yes, the signature is used for
  specifying whether to allow or block requests based on the specific signatures in the headers or body.
  For example, if you add the letter "a" as a signature, any request or response containing "a" will be blocked.
  In Web Access Policy, you can identify signatures for HTTP filtering. For more detailed information, please refer to the links below:
  Configuring HTTP filtering
  Configuring the Forefront TMG HTTP Filter (Note:
  Microsoft is providing this information as a convenience to you. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.)
  Best regards,
  Susie

• Disable packet filtering on BM 3.6

  Hi
  I have a border manager firewall that I am replacing with a hardware box. I
  would still like to use the Border manager as a proxy server and use its
  access rules but do not want it to packet filter.
  What is the easiest way to acheive this?
  thanks
  Mike

  thanks for that Craig. I am happy with that part of it but what I need to
  do is turn the BM box into just a router and turn off all packet
  filtering.
  What is the best way to do that. Is it via filtcfg or do I need to stop
  certain NLMs loading?
  thanks
  > Make the BMgr server's default gateway the new filtering box.
  >
  > Filter port 80 and 443 on the new box, and allow those ports only from
  > the BMgr server's IP address.
  >
  > Craig Johnson
  > Novell Support Connection SysOp
  > *** For a current patch list, tips, handy files and books on
  > BorderManager, go to http://www.craigjconsulting.com ***
  >
  >

• Firewall causing playstation 3 fragmented packets blocked!

  Just wanted to post this as info to other RV220w users that have a playstation 3.  By default a setting is on in the firewall that blocks fragmented packets..  With this setting on even if the ps3 is in the dmz some games wont work and if you test the ps3 connection it will tell you that either your router or service provider doesn't allow fragmented packets.  Its under Firewall > Attack Prevention > check box "block fragmented packets".
  the error from testing connection on  ps3 is
  The router in use may not support IP fragments, and the communication features of some games may be restricted.

  [email protected] wrote:
  > I am using Netware 6.5 sp1a and bm 3.8 sp1a.
  >
  > I recently deleted some unneeded packet filter exceptions using
  > iManager. When my server was restarted over the weekend the firewall is
  > not allowing packets in the exception list to pass through.
  > I get a message on the logger screen that states:
  > "nbm filewall failed to read configuration from ds"
  > What is actuall happening is all traffic is blocked as the exceptions do
  > not seem to be working.
  >
  > I have checked ds and all looks healthy.
  >
  > Any ideas. I have been forced to disable filters on the public interface
  > until I can fix the problem.
  >
  > Thanks,
  >
  Sorry but this is the wrong forum. You need to go to
  novell.support.bordermanager.packet-filtering. This forum is for the
  Novell Client Firewall that comes with BM 3.8
  Brad

• Packet filters support supernets?

  I trying to get BM3.8 setup to allow packet filter exceptions for smtp
  from multiple "networks" which are supernets (email goes thru'
  MessageLabs)
  I read somewhere that there is a bug or 3.8 does not support supernetting.
  The trace shows the inbound packets being discarded even though they are
  in the supernet range.
  Any ideas - work arounds.

  Given that there are literally hundreds of individuals subnets - I will just recommend that the client purchase a real firewall. :(
  >>> Caterina Luppi<[email protected]> 23/06/2006 03:52:54 >>>
  Jeff,
  > I trying to get BM3.8 setup to allow packet filter exceptions for smtp
  > from multiple "networks" which are supernets (email goes thru'
  > MessageLabs)
  >
  > I read somewhere that there is a bug or 3.8 does not support supernetting..
  Correct - packet filters don't support supernetting.
  > Any ideas - work arounds.
  no workarounds, I'm afraid. You'll have to duplicate the filters for
  each network you need to open.
  Cat
  NSC Volunteer Sysop

• Questions about Firewall, DHCP and other things

  What I have;
  Linksys WRT54GSv4
  Up to 5 dynamic IP addresses, from my ISP
  Fiber connection
  What I want;
  WLAN
  To use the 'real' dynamic IP addresses (no LAN of my own)
  Hardware Firewall (preferably from the Linksys)
  Is this even possible? I can't seem to get it working.

  No. This won't work with a WRT54GS. You can only set it up in router mode and only if you have a whole subnet. But in router mode the addresses can be reached from the internet.
  I guess there is a big misunderstanding anyway. The router even in gateway mode and running not is not a firewall for the computers connected to the router. The router runs a firewall which basically protects the router and in a way your internet connection from attacks (e.g. DoS). The firewall in the router does not protect the computer connected to the router.
  What usually provides the protection is the network address translation in gateway mode. Using private IP addresses in your LAN makes the computer unaccessible from the internet. The router maps the single internet IP address.
  But you cannot configure the firewall on the router to block any specific traffic.
  You may be able to install 3rd party firmware on the router. With 3rd party firmware you have direct access to the Linux system on the router and you can configure the packet filter on the router with iptables. This allows you to individually protect computers connected to your router. But this is not possible with standard Linksys firmware through the web configuration.
  See the wikipedia article on "wrt54g" on details about which routers support 3rd party firmware and which projects exist.