FwxFirewallEventProtocolSource enumeration

Applies to: desktop apps only

The FwxFirewallEventProtocolSource enumerated type contains values that specify the protocols and types of connections that can be associated with an event for which notifications are sent to the filter. You can use these values to indicate whether events associated with all protocols and events associated with secondary connections will invoke the filter. For example, use the fwxAssociatedProtocolsAllConnections value for a filter that will be invoked for traffic in secondary connections.

Syntax

typedef enum FwxFirewallEventProtocolSource { 
  fwxAnyProtocol                        = 0x01000000,
  fwxAssociatedProtocolsAllConnections  = 0x02000000
} FwxFirewallEventProtocolSource;

Constants

  • fwxAnyProtocol
    The filter will be invoked for any protocol. When IP routing is enabled (the default setting), this value includes only protocols, such as FTP, that are associated with an application filter. When IP routing is disabled, this value includes all protocols.

  • fwxAssociatedProtocolsAllConnections
    The filter will be invoked for both primary and secondary connections. If this flag is not set, only events associated with primary connections will invoke the filter.

Remarks

Each value defined in the FwxFirewallEventProtocolSource enumerated type represents a single bit. The values defined in this enumerated type can be combined with one another and with values from the FwxFirewallEventType and FwxFirewallEventSource enumerated types by using the bitwise OR operator. The combined value is then used in the dwGlobalEvents member of the FwxFilterHookEvents structure that is passed by the FilterInit method to the Firewall service.

When IP routing is enabled, Forefront TMG forwards IP traffic for protocols that are not associated with an application filter in kernel mode. This traffic does not reach the Firewall service and cannot be captured by application filters that are not associated with a protocol.

If IP routing is disabled, traffic for protocols that are not associated with an application filter will also reach the Firewall service and can be captured by application filters. Note that disabling IP routing may severely impact performance because all traffic passing through the Forefront TMG computer is handled in user mode.

Traffic originating from the Forefront TMG computer itself (from the Local Host network) is always handled as if IP routing is enabled and will not reach application filters that are not associated with a protocol.
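The following is an added example, not code from the Forefront TMG SDK: a small C model of the coverage rules in these Remarks, showing which flows invoke a filter for a given flag combination and IP routing state. The Flow structure and all function names are hypothetical. The model covers only a filter that registers with fwxAnyProtocol, and it assumes that traffic for protocols associated with an application filter always reaches the Firewall service.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values copied from the enumeration on this page. */
typedef enum FwxFirewallEventProtocolSource {
    fwxAnyProtocol                       = 0x01000000,
    fwxAssociatedProtocolsAllConnections = 0x02000000
} FwxFirewallEventProtocolSource;

/* Constructed description of one traffic flow (hypothetical, not a TMG type). */
typedef struct {
    bool from_local_host;      /* originates on the Forefront TMG computer */
    bool proto_has_app_filter; /* protocol is associated with an application filter */
    bool secondary;            /* secondary rather than primary connection */
} Flow;

/* Unassociated protocols are forwarded in kernel mode unless IP routing is
   disabled; Local Host traffic is always handled as if routing is enabled. */
static bool reaches_firewall_service(bool ip_routing_enabled, const Flow *f)
{
    if (f->proto_has_app_filter)
        return true;           /* assumption: associated protocols always reach it */
    return !ip_routing_enabled && !f->from_local_host;
}

/* Would a filter with global event mask `mask` be invoked for flow `f`? */
bool any_protocol_filter_invoked(uint32_t mask, bool ip_routing_enabled, const Flow *f)
{
    if (!(mask & fwxAnyProtocol))
        return false;          /* per-protocol registration is outside this model */
    if (f->secondary && !(mask & fwxAssociatedProtocolsAllConnections))
        return false;          /* flag not set: primary connections only */
    return reaches_firewall_service(ip_routing_enabled, f);
}

/* The two single-bit values combined with bitwise OR. */
uint32_t both_flags(void)
{
    return (uint32_t)fwxAnyProtocol | (uint32_t)fwxAssociatedProtocolsAllConnections;
}

int main(void)
{
    Flow unassociated = { false, false, false };   /* constructed sample flow */
    printf("IP routing enabled:  %d\n", any_protocol_filter_invoked(both_flags(), true, &unassociated));
    printf("IP routing disabled: %d\n", any_protocol_filter_invoked(both_flags(), false, &unassociated));
    return 0;
}
```

With IP routing enabled, the unassociated flow never invokes the filter regardless of the mask, which is the inspection gap the Remarks describe.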

Requirements

  • Minimum supported client
    None supported

  • Minimum supported server
    Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)

  • Version
    Forefront Threat Management Gateway (TMG) 2010

  • Header
    Wspfwext.idl

See also

Filter Enumerated Types

Build date: 7/12/2010