Fwengmon.exe and Forefront Threat Management Gateway (TMG) 2010

November 2, 2010

If you perform advanced troubleshooting on TMG, you have likely noticed that fwengmon.exe, a utility used with previous versions of ISA, no longer functions with TMG.

Not to worry! This detailed information is readily accessible using netsh.exe in the tmg context. The following is a list of common commands and their fwengmon.exe equivalents (where applicable):

To view creation objects, active sessions, NLB hook rules, NLB server assigned ranges, and dynamic and persistent allowed ranges:

netsh tmg show all

To view connections only (fwengmon.exe /session or /s):

netsh tmg show connections

To view detailed information about a specific connection (fwengmon.exe /s <ID>):

netsh tmg show connections <connection_number>

To view firewall creation elements (fwengmon.exe /creations or /c):

netsh tmg show creations

Note: You can sort and filter output from show connections or show creations by source IP address, source port, destination IP address, destination port, or protocol using the sort and filter parameters (fwengmon.exe /organize or /o, or fwengmon.exe /filter or /f). You can also limit the number of connections or creations displayed using the display parameter. Type netsh tmg show connections ? or netsh tmg show creations ? for more information.

To show NLB hook rules (fwengmon.exe /querynlb or /n):

netsh tmg show nlbhookrules

To view packets held in kernel mode:

netsh tmg show holdpackets

To view packets held in user mode:

netsh tmg show usermodepackets

To view global firewall engine driver settings:

netsh tmg show global

To specify a temporary address range to exempt from firewall filtering (fwengmon.exe /allow or /a):

netsh tmg add allowedrange <beginning_ip> <ending_ip>

To specify a permanent address range to exempt from firewall filtering (fwengmon.exe /allow or /a):

netsh tmg add allowedrange <beginning_ip> <ending_ip> persistent

Note: netsh tmg add allowedrange allows all traffic to and from hosts within the specified IP address range to bypass stateful firewall inspection completely. Use it for troubleshooting purposes only, and delete the range with the commands below once troubleshooting is complete.

To delete a temporary address range (fwengmon.exe /noallow):

netsh tmg delete allowedrange id=<id>

To delete a permanent address range (fwengmon.exe /noallow):

netsh tmg delete allowedrange id=<id> persistent

  1. amit
    July 16, 2011 at 4:29 pm

    Correct command is

    netsh tmg ADD allowedrange

  2. July 17, 2011 at 7:53 am

    It certainly is. Thanks for the correction! 🙂
