How to disable the IP Spoof Detection feature in Microsoft ISA Server 2004 (838114)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

INTRODUCTION

By default, the IP Spoof Detection feature is enabled in Microsoft Internet Security and Acceleration (ISA) Server 2004. Although there is no way to disable this feature in the ISA Microsoft Management Console (MMC) snap-in, you can disable this feature in the Windows registry.

MORE INFORMATION

To disable the IP Spoof Detection feature in the Windows registry, follow these steps:

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/FwEng/Parameters

    If the Parameters subkey is not displayed, follow these steps to create this subkey:
    1. Click the FwEng subkey.
    2. On the Edit menu, point to New, and then click Key.
    3. To name the key, type Parameters, and then press ENTER.
  3. Right-click Parameters, point to New, and then click DWORD Value.
  4. To name the value, type DisableSpoofDetection, and then press ENTER.
  5. Right-click DisableSpoofDetection, and then click Modify.
  6. In the Value data box, type 1, and then click OK.

    Warning This setting disables IP Spoof Detection on the ISA Server 2004-based computer. To enable IP Spoof Detection, set the DisableSpoofDetection value to 0. This is the default value.
  7. Exit Registry Editor, and then restart the ISA Server 2004 services.

REFERENCES

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

284811 How to disable the IP Spoofing Detection feature in Internet Security and Acceleration Server 2000

832659 The IP Spoof Detection feature in ISA Server 2000 may drop legal packets on systems that have multiple external interfaces

833786 Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks

Modification Type:MajorLast Reviewed:8/27/2004
Keywords:kbhowto kbinfo KB838114 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.