Allow Broadcast to 255.255.255.255 through TMG/VPN (for NetBios Resolution)

Tags: microsoft-ftmg, microsoft-ftmg-2010, netbios, vpn

Is it possible to allow a VPN client to do NetBIOS broadcast name resolution through TMG?

In the TMG Queries I can see the rule that is blocking ClientIP->255.255.255.255

I've tried adding 255.255.255.255 to the Internal IP Range.

My VPN client cannot resolve a NetBIOS name on my internal network, and a server on the internal network cannot resolve the NetBIOS name of the VPN client.

Thanks in advance.

Best Answer

255.255.255.255 is the layer 2 broadcast address. NetBIOS is a layer 3 protocol. As such you should be seeing NetBIOS broadcasts to x.x.x.255, where x.x.x is your subnet address. Broadcast traffic to 255.255.255.255 is related to some layer 2 protocol, not NetBIOS.

Here's an example of a NetBIOS name query on my home network from my workstation (192.168.1.66) looking for my AppleTV:

4:28:03 PM 12/18/2011   192.168.1.66    192.168.1.255   NbtNs   NbtNs:Query Request for APPLETV  <0x00> Workstation Service

EDIT:

In response to ceving's comment, let me clarify, and if I'm wrong, someone please correct me.

A layer 2 broadcast (sent to FF-FF-FF-FF-FF-FF) is sent to 255.255.255.255 at layer 3 (which is a limited broadcast meant for all nodes on the same physical network). Your subnet broadcast address is always x.x.x.SubnetBroadcastAddress (which is a directed broadcast, which in the OP's case is 192.168.1.255, which is intended for all nodes on the x.x.x.x subnet). A broadcast sent to FF-FF-FF-FF-FF-FF/255.255.255.255 is meant for every node on the same physical network and since NetBIOS works at layer 3, it will never send a NetBIOS broadcast to 255.255.255.255, only to the subnet broadcast address (192.168.1.255 in this case). Therefore, the broadcast traffic that the OP is seeing is not NetBIOS broadcast traffic but layer 2 broadcast traffic meant for every node on that physical network.

A limited broadcast (FF-FF-FF-FF-FF-FF/255.255.255.255) is meant for all nodes on the same physical network, whereas a directed broadcast (FF-FF-FF-FF-FF-FF/x.x.x.SubnetBroadcastAddress) is intended for specific nodes on that network (those that match the subnet address), to which there may be connected nodes in different subnets (multinets). Nobody ever said that all of the nodes on the same layer 2 network have to belong to the same layer 3 network, hence why the limited broadcast address (FF-FF-FF-FF-FF-FF/255.255.255.255) exists. In both cases the layer 2 destination is FF-FF-FF-FF-FF-FF, the difference is in which nodes accept the broadcast, based on the layer 3 address.
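The following is an added example and not part of the original question or answer. It shows, in Python, the two things the answer distinguishes: how a host derives its subnet-directed broadcast address (and which broadcasts a host accepts based on that layer 3 address) versus the fixed limited broadcast 255.255.255.255, and what the NbtNs name query from the trace line looks like on the wire, built and parsed with the RFC 1001/1002 first-level name encoding. The /24 mask for 192.168.1.66, the second-subnet host 10.0.0.5/24, and the transaction id are assumptions for illustration.

```python
from __future__ import annotations

import ipaddress
import struct

# RFC 919 limited broadcast: every host on the local link accepts it,
# regardless of which layer 3 subnet it belongs to.
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def directed_broadcast(ip: str, prefix_len: int) -> str:
    """Subnet-directed broadcast address for a host configured as ip/prefix_len."""
    net = ipaddress.IPv4Network(f"{ip}/{prefix_len}", strict=False)
    return str(net.broadcast_address)


def accepts_broadcast(host_ip: str, prefix_len: int, dst: str) -> bool:
    """Does a host on host_ip/prefix_len accept an IP broadcast sent to dst?
    The layer 2 frame is FF-FF-FF-FF-FF-FF either way; the layer 3 address decides."""
    return dst == str(LIMITED_BROADCAST) or dst == directed_broadcast(host_ip, prefix_len)


def encode_netbios_name(name: str, suffix: int) -> bytes:
    """RFC 1001/1002 first-level encoding: the name is space-padded to 15 bytes,
    a 1-byte service suffix (0x00 = Workstation Service) is appended, and each
    nibble of the 16 bytes is added to 'A' (0x41), giving 32 ASCII letters."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    # DNS-style label: length byte (32), the encoded label, then the root label.
    return bytes([32]) + bytes(encoded) + b"\x00"


def decode_netbios_name(label: bytes) -> tuple[str, int]:
    """Inverse of encode_netbios_name; returns (name without padding, suffix)."""
    if label[0] != 32 or label[33] != 0:
        raise ValueError("not a 32-character NetBIOS label")
    body = label[1:33]
    raw = bytes(((body[i] - 0x41) << 4) | (body[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]


def build_nbns_query(name: str, suffix: int = 0x00, txid: int = 0x1234) -> bytes:
    """NBNS NAME QUERY REQUEST (RFC 1002 section 4.2.12) as a host broadcasts it.
    Header flags 0x0110: OPCODE=0 (query), RD=1, B=1 (broadcast). txid is arbitrary."""
    header = struct.pack("!HHHHHH", txid, 0x0110, 1, 0, 0, 0)  # QDCOUNT=1
    # QUESTION_TYPE 0x0020 = NB (general name service), QUESTION_CLASS 0x0001 = IN
    question = encode_netbios_name(name, suffix) + struct.pack("!HH", 0x0020, 0x0001)
    return header + question


def parse_nbns_query(pkt: bytes) -> dict:
    """Parse the fields a capture tool prints for a name query request."""
    txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    name, suffix = decode_netbios_name(pkt[12:12 + 34])
    qtype, qclass = struct.unpack("!HH", pkt[46:50])
    return {
        "txid": txid,
        "broadcast": bool(flags & 0x0010),   # the B flag in NM_FLAGS
        "qdcount": qdcount,
        "name": name,
        "suffix": suffix,
        "qtype": qtype,
        "qclass": qclass,
    }


if __name__ == "__main__":
    # The workstation from the trace line, assuming a /24 mask.
    print("directed broadcast for 192.168.1.66/24:", directed_broadcast("192.168.1.66", 24))
    for host in ("192.168.1.66", "10.0.0.5"):  # two subnets sharing one wire (multinet)
        for dst in ("192.168.1.255", "255.255.255.255"):
            print(f"{host}/24 accepts {dst}: {accepts_broadcast(host, 24, dst)}")
    pkt = build_nbns_query("APPLETV")
    print("NbtNs query bytes:", pkt.hex())
    print("parsed:", parse_nbns_query(pkt))
```

Sending the 50-byte query to the directed broadcast address (UDP port 137) reaches only hosts that consider themselves part of 192.168.1.0/24; a host on 10.0.0.0/24 attached to the same switch receives the frame but discards it at layer 3, whereas a datagram to 255.255.255.255 is accepted by both.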