2.2.51 FW_CS_RULE_FLAGS

This enumeration describes flag values for connection security rules.

 typedef enum _tag_FW_CS_RULE_FLAGS
 {
   FW_CS_RULE_FLAGS_NONE = 0x00,
   FW_CS_RULE_FLAGS_ACTIVE = 0x01,
   FW_CS_RULE_FLAGS_DTM = 0x02,
   FW_CS_RULE_FLAGS_TUNNEL_BYPASS_IF_ENCRYPTED = 0x08,
   FW_CS_RULE_FLAGS_OUTBOUND_CLEAR = 0x10,
   FW_CS_RULE_FLAGS_APPLY_AUTHZ = 0x20,
   FW_CS_RULE_FLAGS_KEY_MANAGER_ALLOW_DICTATE_KEY = 0x40,
   FW_CS_RULE_FLAGS_KEY_MANAGER_ALLOW_NOTIFY_KEY = 0x80,
   FW_CS_RULE_FLAGS_SECURITY_REALM = 0x100,
   FW_CS_RULE_FLAGS_MAX = 0x200,
   FW_CS_RULE_FLAGS_MAX2_1 = 0x02,
   FW_CS_RULE_FLAGS_MAX_V2_10 = 0x40,
   FW_CS_RULE_FLAGS_MAX_V2_20 = 0x100
 } FW_CS_RULE_FLAGS;

FW_CS_RULE_FLAGS_NONE:  This value means that none of the following flags are set. This value is defined for simplicity in writing IDL definitions and code.

FW_CS_RULE_FLAGS_ACTIVE:  If this flag is set, the rule is enabled; otherwise, the rule is disabled.

FW_CS_RULE_FLAGS_DTM:  If this flag is set, the rule is a dynamic tunnel mode rule.

FW_CS_RULE_FLAGS_TUNNEL_BYPASS_IF_ENCRYPTED:  This flag MUST only be set on tunnel mode rules. If this flag is set and traffic is already arriving encrypted, it is exempted from the tunnel.

FW_CS_RULE_FLAGS_OUTBOUND_CLEAR:  This flag MUST only be set on tunnel mode rules. If set, when outbound traffic matches the rule, it leaves unprotected, but inbound traffic MUST arrive through the tunnel.

FW_CS_RULE_FLAGS_APPLY_AUTHZ:  This flag MUST only be set on tunnel mode rules. If this flag is set, the authenticated peers of the traffic MUST match the SDDLs that are specified in FW_GLOBAL_CONFIG_IPSEC_TUNNEL_REMOTE_MACHINE_AUTHORIZATION_LIST and FW_GLOBAL_CONFIG_IPSEC_TUNNEL_REMOTE_USER_AUTHORIZATION_LIST.

FW_CS_RULE_FLAGS_KEY_MANAGER_ALLOW_DICTATE_KEY:  If this flag is set, external key managers are permitted to dictate the cryptographic keys used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.

FW_CS_RULE_FLAGS_KEY_MANAGER_ALLOW_NOTIFY_KEY:  If this flag is set, external key managers are notified of the cryptographic keys used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.

FW_CS_RULE_FLAGS_SECURITY_REALM:  If this flag is set, the connection security rule is associated with a security realm. The wszRuleId of the connection security rule is the same as the IPsec Security Realm ID that it is associated with. For schema versions 0x0200, 0x0201, 0x020A, and 0x0214, this value is invalid and MUST NOT be used.

FW_CS_RULE_FLAGS_MAX:  This value and values that exceed this value are invalid in every schema version and MUST NOT be used. It is defined only for simplicity in writing IDL definitions and code. This symbolic constant has a value of 0x200.

FW_CS_RULE_FLAGS_MAX2_1:  This value and values that exceed this value are not valid and MUST NOT be used by servers and clients with schema version 0x0201 and earlier. It is defined for simplicity in writing IDL definitions and code. This symbolic constant has a value of 0x02.

FW_CS_RULE_FLAGS_MAX_V2_10:  This value and values that exceed this value are not valid and MUST NOT be used by servers and clients with schema version 0x020A and earlier. It is defined for simplicity in writing IDL definitions and code. This symbolic constant has a value of 0x40.

FW_CS_RULE_FLAGS_MAX_V2_20:  This value and values that exceed this value are not valid and MUST NOT be used by servers and clients with schema version 0x0214 and earlier. It is defined for simplicity in writing IDL definitions and code. This symbolic constant has a value of 0x100.
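
The following added example (not part of the specification) shows one way a receiver could enforce the per-schema-version maximums and the tunnel-mode-only constraints described above before accepting a rule. The function names, result codes, the is_tunnel_rule parameter, the rejection of the undefined bit 0x04, and the sample schema version 0x0215 are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Subset of the FW_CS_RULE_FLAGS values, copied from the enumeration above. */
enum {
    FW_CS_RULE_FLAGS_ACTIVE = 0x01,
    FW_CS_RULE_FLAGS_DTM = 0x02,
    FW_CS_RULE_FLAGS_TUNNEL_BYPASS_IF_ENCRYPTED = 0x08,
    FW_CS_RULE_FLAGS_OUTBOUND_CLEAR = 0x10,
    FW_CS_RULE_FLAGS_APPLY_AUTHZ = 0x20,
    FW_CS_RULE_FLAGS_MAX = 0x200,
    FW_CS_RULE_FLAGS_MAX2_1 = 0x02,
    FW_CS_RULE_FLAGS_MAX_V2_10 = 0x40,
    FW_CS_RULE_FLAGS_MAX_V2_20 = 0x100
};

/* Hypothetical result codes for this example. */
enum cs_flags_result { CS_FLAGS_OK, CS_FLAGS_OVER_MAX, CS_FLAGS_SCHEMA,
                       CS_FLAGS_NOT_TUNNEL, CS_FLAGS_UNDEFINED_BIT };

/* Lowest flags value that is invalid for the given schema version. */
static uint32_t cs_flags_limit(uint16_t schema)
{
    if (schema <= 0x0201) return FW_CS_RULE_FLAGS_MAX2_1;
    if (schema <= 0x020A) return FW_CS_RULE_FLAGS_MAX_V2_10;
    if (schema <= 0x0214) return FW_CS_RULE_FLAGS_MAX_V2_20;
    return FW_CS_RULE_FLAGS_MAX;
}

/* is_tunnel_rule comes from the caller (assumption): this section does not
   say how a rule is identified as a tunnel mode rule. */
enum cs_flags_result cs_flags_check(uint32_t flags, uint16_t schema, int is_tunnel_rule)
{
    const uint32_t tunnel_only = FW_CS_RULE_FLAGS_TUNNEL_BYPASS_IF_ENCRYPTED |
                                 FW_CS_RULE_FLAGS_OUTBOUND_CLEAR |
                                 FW_CS_RULE_FLAGS_APPLY_AUTHZ;
    if (flags >= FW_CS_RULE_FLAGS_MAX) return CS_FLAGS_OVER_MAX;
    if (flags >= cs_flags_limit(schema)) return CS_FLAGS_SCHEMA;
    if (!is_tunnel_rule && (flags & tunnel_only)) return CS_FLAGS_NOT_TUNNEL;
    if (flags & 0x04) return CS_FLAGS_UNDEFINED_BIT; /* assumption: 0x04 has no definition above */
    return CS_FLAGS_OK;
}

int main(void)
{
    /* Constructed input: an enabled dynamic tunnel mode rule sent to a 0x0201 peer. */
    printf("%d\n", (int)cs_flags_check(FW_CS_RULE_FLAGS_ACTIVE | FW_CS_RULE_FLAGS_DTM, 0x0201, 1));
    return 0;
}
```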