I recently began to receive a huge (600 thousand to 2 million per day) number of FWX_E_TCP_NOT_SYN_PACKET_DROPPED, 0xc0040017 entries in my Forefront TMG logs.
If the top 3 source IPs are any indication, there is no legitimate traffic to or from the IPs initiating these scans. How can I suppress these from being logged by Forefront?
Unfortunately, using a standard suppression rule does not work. I already had a suppression list in place for certain traffic, including the multicast range. This was at the top of my rule set. The rule listed is 'None - see Result Code', even for traffic being suppressed.