ALE Multicast/Broadcast Traffic
Collapse the table of content
Expand the table of content

ALE Multicast/Broadcast Traffic

All inbound multicast and broadcast traffic at the Application Layer Enforcement (ALE) layers is mapped to one global ALE flow. Response traffic for inbound multicast and broadcast packets is classified at the FWPM_LAYER_ALE_AUTH_CONNECT_V{4|6} layer and separate ALE flows are created for each response.

Outbound multicast and broadcast traffic at the ALE layers creates a 4-second ALE flow. By default, the authorization of an outbound multicast or broadcast ALE packet will permit inbound traffic, whether unicast, multicast, or broadcast, from any remote address for up to 4 seconds. Such an ALE flow can only be refreshed or kept alive by subsequent outbound traffic that matches the ALE flow.

Note  The 4-second lifetime is specified by the built-in callout FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V{4|6}. To alter the 4-second default lifetime, add a filter that references the FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V{4|6} callout. See ALE Flow Customization for more information.

Related topics

Application Layer Enforcement (ALE)
ALE Layers
ALE Stateful Filtering
ALE Reauthorization
ALE Flow Customization



Community Additions

© 2016 Microsoft