Support Center


Lot of DENY issues on TMG

Maxim Jul 04, 2012 03:52AM PDT

Dear colleagues,

Another strange issue with TMG Reporter.
After installation, we got a lot of strange ICMP requests on our TMG server.

It looks like this:
Journal Type: Firewall service
State: User request denied by policy.
Rule: Default rule
Source: Internal (
Destination: Localhost (
Protocol: Unidentified IP-data (ICMP:256)
Additional information
Sent bytes: 0 Received bytes: 0
Processing time: 0ms Original client IP-address:

TMG Reporter logs it as "blocked hits" and since yesterday it counts 12 million.

Could you please advise?
Thanks a lot!

Maxim Jul 04, 2012 06:08AM PDT
Sorry, I forgot to mention, that is an IP address of a server with TMG Reporter installed and is a TMG server itself.
Fastvue Jul 04, 2012 11:53AM PDT FASTVUE Agent
Hi Maxim,

TMG Reporter or the Arbiter should not be sending any unnecessary ICMP packets, especially not on port 256. Is anything else running on the server?

Can you try running the netstat command on the Fastvue server to investigate which process IDs are using ICMP? Try:
cmd> netstat -ao

Then look through the list to see your ICMP packets and look at the process IDs. You can then use task manager to find the process with the corresponding process IDs.

This page lists some 'known' services to use port 256. Do any of them sound familiar?:

Let me know what you find out!

Fastvue Jul 13, 2012 09:33AM PDT FASTVUE Agent
Maxim - how did you go with my suggestions above?
