FW_H_IPFragment

  • Article

To enable IP fragment filtering

  1. In the console tree of ISA Server Management, click General.

  2. In the details pane, click Define IP Preferences.

  3. On the IP Fragments tab, select Block IP fragments.

Note

To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, expand Configuration and then click General.
For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, expand Configuration and then click General.

Important

Kerberos authentication depends upon User Datagram Protocol (UDP) packets that are commonly fragmented. If your ISA Server computer or array is in a domain, and you enable the blocking of IP fragments, Kerberos authentication will fail. For example, if the computer uses Kerberos for authentication during user logon, logon will fail. We recommend that you do not enable the blocking of packets containing IP fragments in scenarios where Kerberos authentication is used.