IPRoutingEnabled Property of the IFPCAttackDetection Interface

The IPRoutingEnabled property gets or sets a Boolean value that indicates whether IP routing is enabled.

HRESULT put_IPRoutingEnabled(
	VARIANT_BOOL fIPRoutingEnabled
HRESULT get_IPRoutingEnabled(
	VARIANT_BOOL* pfIPRoutingEnabled



Pointer to a Boolean value that is set on return to VARIANT_TRUE if IP routing is enabled, or to VARIANT_FALSE if IP routing is disabled.


Boolean value that indicates whether IP routing is enabled.

Return Value

These property methods return S_OK if the call is successful; otherwise, they return an error code.

[Visual Basic]
Property IPRoutingEnabled As Boolean

Property Value

Boolean value that indicates whether IP routing is enabled.

Example Code

This VBScript script retrieves the value of the IPRoutingEnabled property and displays a message indicating whether IP routing is enabled. The script can then enable or disable IP routing according to the option selected by the user. This script does not include error handling.
Option Explicit

Sub Main(args)
	If(args.Count <> 1) Then
	End If
	Select Case UCase(args(0))
		Case "C"
			EnableDisableIpRouting ""
		Case "E"
			EnableDisableIpRouting True
		Case "D"
			EnableDisableIpRouting False
	Case Else
	End Select
End Sub

Sub EnableDisableIpRouting(newValue)
	' Create the root object.
	Dim root  ' The FPCLib.FPC root object
	Set root = CreateObject("FPC.Root")
	'Declare the array object and a Boolean.
	Dim tmgArray	 ' An FPCArray object
	Dim curValue   ' A Boolean
	' Get a reference to the array object.
	Set tmgArray = root.GetContainingArray()
	curValue = tmgArray.ArrayPolicy.AttackDetection.IPRoutingEnabled
	If curValue = True Then
		WScript.Echo "IP routing is enabled."
		WScript.Echo "IP routing is disabled."
	End If
	If newValue <> "" AND newValue <> curValue Then		 
		tmgArray.ArrayPolicy.AttackDetection.IPRoutingEnabled = _
		tmgArray.Save True
		If newValue = True Then
			WScript.Echo "IP routing has been enabled."
			WScript.Echo "IP routing has been disabled."
		End If
	End If
End Sub 

Sub Usage()
	WScript.Echo "Usage:" & VbCrLf _
		& "  CScript " & WScript.ScriptName & " {C | E | D}" & VbCrLf _
		& "" & VbCrLf _
		& "  C - Show current status" & VbCrLf _
		& "  E - Enable IP routing" & VbCrLf _
		& "  D - Disable IP routing"
End Sub


This property is read/write. Its value is set to True (VARIANT_TRUE in C++) during Forefront TMG setup.

When IP routing is enabled, the Forefront TMG computer acts as a router, forwarding packets from the source to the destination in kernel mode. Some filtering is performed by the driver in user mode on the traffic being forwarded. When IP routing is disabled, Forefront TMG copies each packet, and then resends it through the driver in user mode. Only the data (and not the original network packet) is sent to the destination. Although IP routing improves performance, disabling IP routing is considered more secure.

After the value of the IPRoutingEnabled property has been modified, the change must be written to persistent storage by calling the Save method, and the Microsoft Firewall service must be restarted for the change to take effect. For more information about restarting the Firewall service to apply changes, see Restarting Services After Configuration Changes.

This property cannot be set through Forefront TMG Management.


Client Requires Windows Vista or Windows XP.
Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).

Declared in Msfpccom.idl.


Requires Msfpccom.dll.

See Also


Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.