This topic describes how to verify that the Network Inspection System (NIS) is properly configured, and actively protecting your networks from attack. Each NIS signature set includes several test signatures that you can use to test that NIS is functioning properly.

The following procedure describes how to confirm that NIS is properly configured, and if not, how to diagnose and resolve the issue.


To test that NIS is functioning as expected, you must have an internal client that can access the Internet through Forefront TMG.

To test the NIS functionality

  1. In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.

  2. On the details pane of the Network Inspection System (NIS) tab, double-click the signature Plcy:Win32/NIS.Signature.Test!0000-0000.

  3. On the General tab, verify that the signature’s effective configuration is set to Custom, Enable, and Block. Note or copy the full path of the domain name displayed in the signature description box.

  4. In the browser of the internal client, type or paste the full path of the domain name and try to access the Web site. If NIS is working properly, you will receive an error message from the browser: Network Access Message: The page cannot be displayed. Note in the section Technical Information (for support personnel), the error code is 502 Proxy Error. The traffic was blocked by IPS.

  5. If you do not receive an error page, this may be due to one of the following reasons:

    • NIS is not enabled. For instructions on enabling NIS, see Enabling and configuring the Network Inspection System.

    • The HTTP request is not sent through this Forefront TMG server. Check the browser’s proxy configuration, and the Forefront TMG logs, to see if the Web traffic from the client computer is reaching this server.

    • The client computer is excluded from NIS inspection. For instructions about adding and removing network entities from the NIS exclusion list, see Defining NIS exceptions.

    • The URL entered in the browser’s address bar is incomplete. Verify that it matches exactly the URL in the signature description.

Next Steps

Related Topics

Copyright © 2009 by Microsoft Corporation. All rights reserved.