Understanding a scenario where TMG drops the packet as spoofed even when the source IP doesn’t belong to the internal network

1. Introduction The core TMG behavior (which is the same on ISA) for handling spoofed packets is well known. Basically, if the IP address belongs to the internal network and it is received on the external interface, it is expected that the packet will be dropped. By definition, the intrusion detection system on TMG will…