Introducing Application Filters
Forefront TMG handles data transfer on two levels. On the lower level, the kernel-mode packet engine can block or allow traffic based on previously defined rules. It can also pass packets to the higher level, which is the user-mode Microsoft Firewall service, for rule-engine decision making and deeper data inspection. Forefront TMG application filters are implemented as in-proc COM server DLLs that run in user mode, in the process space of the Firewall service.
Application filters work with the Firewall service to intercept and process data. Application filters can access the data stream or datagrams associated with a session within the Firewall service by hooking on the Firewall service connections. The filters are registered with the Firewall service and act according to events detected by the service. An application filter can perform protocol-specific or system-specific tasks, such as authentication and checking for viruses.
This section contains the following topics, which are best read in sequence:
- Filter Types
- Firewall Events
- Connection Emulation
- Asynchronous Input/Output
- Filter Requirements for SecureNAT Clients
- Filter Requirements for Firewall Clients
- Setting Filter Priorities
- Application Filter Objects
- Filter Object Model
- Using Events and Alerts
- Using Network Configuration Detection
Build date: 7/12/2010