Microsoft KB Archive/243798

= Proxy 2.0 Packet Filtering Does Not Detect Change in Adapter Status in Windows 2000 =

Article ID: 243798

Article Last Modified on 7/5/2000

-

APPLIES TO


 * Microsoft Proxy Server 2.0 Standard Edition

-



This article was previously published under Q243798



This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location from which you downloaded the release.



SYMPTOMS
In Microsoft Windows 2000, you can enable or disable a network adapter without rebooting the computer. The change in adapter status takes effect immediately, without the need to reboot the computer.

Microsoft Proxy Server 2.0 includes a firewall feature that is implemented as a Packet Filter driver that is loaded below the IP stack on the Proxy server's external interfaces. An external interface is any network adapter whose IP address in not included in the Proxy local address table.

Proxy 2.0 cannot detect a change in network adapter status when an adapter is manually enabled or disabled while the Proxy services are running. If Packet Filtering is enabled on the Proxy server, Packet Filter settings do not apply to adapters that are added or enabled while the Proxy services are running. This could potentially be a security problem if a new adapter is enabled on an external network because the adapter does not use Packet Filtering; the server could be vulnerable to an attack.

This issue also causes Proxy Server 2.0 packet filters to not be applied to RRAS demand-dial interfaces which connect and obtain an IP address outside of the LAT, even on Windows NT 4.0.



RESOLUTION
To be sure that Packet Filtering is protecting the Proxy server, reboot the server after you enable or disable any external network adapters. This reinitializes all of the Proxy services and reloads the Packet Filter driver with the new adapter parameters. It is not enough to simply restart the Proxy services.



STATUS
Microsoft has confirmed that this is a problem in Proxy Server 2.0 on Windows 2000.



MORE INFORMATION
For additional information about configuring network adapters for Proxy Server, click the article number below to view the article in the Microsoft Knowledge Base:

243078 Proxy Server Network Interface Configuration

Keywords: kbbug kbenv kbpending KB243798

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.