ALE Multicast/Broadcast Traffic

All inbound multicast and broadcast traffic at the Application Layer Enforcement (ALE) layers is mapped to one global ALE flow. Response traffic for inbound multicast and broadcast packets is classified at the FWPM_LAYER_ALE_AUTH_CONNECT_V{4|6} layer, and a separate ALE flow is created for each response.

Outbound multicast and broadcast traffic at the ALE layers creates a 4-second ALE flow. By default, the authorization of an outbound multicast or broadcast ALE packet will permit inbound traffic, whether unicast, multicast, or broadcast, from any remote address for up to 4 seconds. Such an ALE flow can only be refreshed or kept alive by subsequent outbound traffic that matches the ALE flow.

Note: The 4-second lifetime is specified by the built-in callout FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V{4|6}. To alter the 4-second default lifetime, add a filter that references the FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V{4|6} callout. See ALE Flow Customization for more information.
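The following added example (not part of the original page and not Windows Filtering Platform code) is a simplified model of the outbound multicast/broadcast flow described above. It audits a constructed packet log for inbound packets that arrive inside the lifetime window, and shows how a shorter lifetime reduces that set. The `Packet` tuple, the function names, and the choice to key a flow by protocol and local port are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

DEFAULT_LIFETIME = 4.0  # seconds; the default lifetime stated on this page


class Packet(NamedTuple):
    t: float         # capture time in seconds
    direction: str   # "out" or "in"
    proto: str
    local_port: int
    remote: str      # destination for "out", source for "in"


def opens_window(pkt, broadcasts=("255.255.255.255",)):
    """True for an outbound packet sent to a multicast or listed broadcast address."""
    if pkt.direction != "out":
        return False
    return pkt.remote in broadcasts or ipaddress.ip_address(pkt.remote).is_multicast


def admitted_by_window(packets, lifetime=DEFAULT_LIFETIME):
    """Return inbound packets that arrive while an outbound multicast/broadcast
    flow on the same local endpoint (assumed key: proto + local port) is alive."""
    expiry = {}  # (proto, local_port) -> time at which the flow lapses
    hits = []
    for pkt in sorted(packets, key=lambda p: p.t):
        key = (pkt.proto, pkt.local_port)
        if opens_window(pkt):
            expiry[key] = pkt.t + lifetime  # only outbound traffic refreshes
        elif pkt.direction == "in" and pkt.t <= expiry.get(key, float("-inf")):
            hits.append(pkt)  # permitted regardless of which remote sent it
    return hits


# Constructed sample capture (documentation address ranges, mDNS-style port).
SAMPLE = [
    Packet(0.0, "out", "udp", 5353, "224.0.0.251"),   # opens the window
    Packet(0.5, "in", "udp", 5353, "192.0.2.10"),
    Packet(3.9, "in", "udp", 5353, "198.51.100.7"),   # unrelated remote, still inside
    Packet(4.5, "in", "udp", 5353, "203.0.113.5"),    # window lapsed; inbound never refreshes
    Packet(10.0, "out", "udp", 5353, "224.0.0.251"),
    Packet(12.0, "out", "udp", 5353, "224.0.0.251"),  # refresh: alive until 16.0
    Packet(15.0, "in", "udp", 5353, "203.0.113.5"),
    Packet(20.0, "out", "udp", 5353, "192.0.2.10"),   # unicast: opens no window
    Packet(21.0, "in", "udp", 5353, "192.0.2.10"),
]

if __name__ == "__main__":
    for life in (DEFAULT_LIFETIME, 1.0):
        hits = admitted_by_window(SAMPLE, life)
        print(f"lifetime={life}s:", [(p.t, p.remote) for p in hits])
```

Inbound packets the model does not list are not necessarily blocked; they would need authorization by other filters rather than by the multicast/broadcast flow.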

Related topics

Application Layer Enforcement (ALE)
ALE Layers
ALE Stateful Filtering
ALE Reauthorization
ALE Flow Customization

 

 

© 2014 Microsoft