ALE Multicast/Broadcast Traffic

All inbound multicast and broadcast traffic at the Application Layer Enforcement (ALE) layers is mapped to one global ALE flow. Response traffic for inbound multicast and broadcast packets is classified at the FWPM_LAYER_ALE_AUTH_CONNECT_V{4|6} layer and separate ALE flows are created for each response.

Outbound multicast and broadcast traffic at the ALE layers creates a 4-second ALE flow. By default, the authorization of an outbound multicast or broadcast ALE packet will permit inbound traffic, whether unicast, multicast, or broadcast, from any remote address for up to 4 seconds. Such an ALE flow can only be refreshed or kept alive by subsequent outbound traffic that matches the ALE flow.

Note

The 4-second lifetime is specified by the built-in callout FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V{4|6}. To alter the 4-second default lifetime, add a filter that references the FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V{4|6} callout. See ALE Flow Customization for more information.
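The following sketch is an added example, not code from the original page or from the Windows Filtering Platform: it models the outbound multicast/broadcast window described above over a constructed packet timeline, so you can see which inbound packets the flow would cover and that inbound traffic does not extend it. The record format, the function names, and keying the window on protocol and local port are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

FLOW_LIFETIME = 4.0  # default flow lifetime in seconds, as stated above

class Packet(NamedTuple):  # constructed record format, not a WFP structure
    t: float          # capture time in seconds
    direction: str    # "out" or "in"
    proto: str
    local_port: int
    remote: str       # remote IP address

def opens_window(remote: str) -> bool:
    """True for multicast or limited-broadcast destinations.
    Subnet-directed broadcast needs the netmask and is not modelled."""
    return ipaddress.ip_address(remote).is_multicast or remote == "255.255.255.255"

def inbound_covered(packets, lifetime=FLOW_LIFETIME):
    """Return [(packet, covered)] for each inbound packet, in time order.
    Assumption: the window is keyed on (proto, local_port)."""
    expiry, results = {}, []
    for p in sorted(packets, key=lambda p: p.t):
        key = (p.proto, p.local_port)
        if p.direction == "out":
            if opens_window(p.remote):
                expiry[key] = p.t + lifetime  # only outbound traffic (re)arms it
        else:
            results.append((p, p.t <= expiry.get(key, float("-inf"))))
    return results

def covered_remotes(packets, lifetime=FLOW_LIFETIME):
    """Remote addresses whose inbound packets fell inside a window."""
    return {p.remote for p, ok in inbound_covered(packets, lifetime) if ok}

# Constructed timeline (documentation address ranges), not captured traffic.
TIMELINE = [
    Packet(0.0, "out", "udp", 50000, "239.255.255.250"),
    Packet(1.0, "in", "udp", 50000, "192.0.2.10"),
    Packet(3.5, "in", "udp", 50000, "198.51.100.7"),
    Packet(5.0, "in", "udp", 50000, "192.0.2.10"),    # window ended at 4.0
    Packet(6.0, "out", "udp", 50000, "239.255.255.250"),
    Packet(9.5, "in", "udp", 50000, "203.0.113.5"),
    Packet(10.5, "in", "udp", 50000, "203.0.113.5"),  # window ended at 10.0
    Packet(12.0, "out", "udp", 50000, "192.0.2.10"),  # unicast: no window
    Packet(12.5, "in", "udp", 50000, "198.51.100.7"),
]

if __name__ == "__main__":
    for pkt, ok in inbound_covered(TIMELINE):
        print(f"{pkt.t:5.1f}s from {pkt.remote:15} covered={ok}")
```

Passing a different `lifetime` shows how a filter that changes the default would widen or narrow the set of remote addresses covered.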


Application Layer Enforcement (ALE)

ALE Layers

ALE Stateful Filtering

ALE Reauthorization

ALE Flow Customization