IFWXFirewall::CreatePrivateSession method

Applies to: desktop apps only

The CreatePrivateSession method creates a private session object for a given client.


HRESULT CreatePrivateSession(
  [in]   LPSOCKADDR ClientAddress,
  [in]   DWORD ClientAddressLength,
  [in]   LPSOCKADDR ProxyInternalAddress,
  [in]   DWORD ProxyInternalAddressLength,
  [in]   IFWXAuthenticatedUser *AuthenticatedUser,
  [out]  IFWXSession **ppPrivateSession


ClientAddress [in]

Pointer to a sockaddr structure that contains the address of the client for which the session object is needed.

ClientAddressLength [in]

Length, in bytes, of the structure pointed to by the ClientAddress parameter.

ProxyInternalAddress [in]

Pointer to a sockaddr structure that contains the internal address of the proxy used to communicate with the client.

ProxyInternalAddressLength [in]

Length, in bytes, of the structure pointed to by the ProxyInternalAddress parameter. On a multihomed computer, one with more than one internal interface, the filter uses this parameter to set which interface is to be used. Can be NULL, in which case the Microsoft Firewall service will select the internal interface.

AuthenticatedUser [in]

Pointer to an authenticated user object that will be used for impersonating the session's user. This parameter can be NULL, in which case only the client IP address will be used when processing rules.

ppPrivateSession [out]

Address of a parameter that receives a pointer to the IFWXSession interface on the newly created session.

Return value

This method returns S_OK if the call is successful; otherwise, it returns an error code.


A private session object allows a filter to use an application level authentication scheme.

Private sessions may be needed in outbound and inbound scenarios.

Outbound scenario: Session objects are created automatically for Firewall service or SecureNAT client requests, but not when an application connects to an internal address of the Forefront TMG computer through an application filter. A filter that acts as an application level proxy may have to create a private session object by using the IFWXFirewall::CreatePrivateSession method to have access to session dependent functions.

Inbound Scenario: Inbound primary connections can be directed to a SecureNAT client by using the IFWXFirewall::CreatePrivateSession or IFWXFirewall::GetClientSession method. Use IFWXFirewall::CreatePrivateSession when the inbound connection has been requested by an application, the SecureNAT client is not known by the Firewall service, and no session object has been created. Use the IFWXFirewall::GetClientSession method only if the filter can assert that the client is configured to be a SecureNAT client of that server.


Minimum supported client

None supported

Minimum supported server

Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)


Forefront Threat Management Gateway (TMG) 2010





See also




Build date: 7/12/2010