The FPCProtocolDefinition object represents a single protocol that is supported by the Microsoft Firewall service. This object can represent one of the predefined protocols that come with Forefront TMG, a user-defined protocol, or a protocol installed with an application filter.
A protocol definition may include a set of primary connections, a set of secondary connections, and a set of application filters that are associated with the protocol. Each connection, in turn, is defined by the name of an IP protocol, a port number or a range of port numbers, and a direction, which may be outbound or inbound.
Protocol definitions are used in policy rules (FPCPolicyRule objects). For access rules, the primary connections specified in a protocol definition are usually defined as outbound. These connections allow traffic from the network entities specified as the rule sources to the network entities specified as the rule destinations. For server publishing rules, the primary connections specified in a protocol definition must be defined as inbound. These connections allow traffic from the network entities specified as the network sources to the published service on the server.
A policy rule can allow or deny traffic only for the protocols with which it is associated. For access rules, including system policy rules, these protocols are referenced by the FPCRefs collection held in the SpecifiedProtocols property, and for server publishing rules, the associated protocol is referenced by the FPCRef object held in the PublishedProtocol property. When a policy rule allows traffic, the Firewall service checks the definition of the protocol being used and passes the traffic to all the application filters associated with the protocol definition for further scrutiny.
A protocol definition that is created and installed by an application filter is disabled when the application filter is disabled, and all traffic that uses the protocol is blocked.
The primary connections in protocol definitions may associate multiple protocols with the same port. When traffic is sent to a port that is associated with multiple (overlapped) protocols, the first policy rule that matches the traffic for each protocol is found, and the rule that is highest in the list of rules is applied. In addition, all the rules for the applicable protocols in the ordered list of rules are processed, their secondary connections are added to the session, and the application filters associated with them are invoked until an access rule that denies traffic is encountered.
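The following added example (not part of the original documentation and not Forefront TMG code) audits a set of protocol definitions for overlapped primary connections of the kind described above. It works on a plain Python model rather than the FPC COM objects; the class, function and sample protocol names are hypothetical, and it assumes two connections overlap only when IP protocol and direction are equal and their port ranges intersect.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Connection:
    ip_protocol: str   # name of the IP protocol, e.g. "TCP" or "UDP"
    port_low: int      # a single port has port_low == port_high
    port_high: int
    direction: str     # "Outbound" or "Inbound"

# Constructed sample data: protocol name -> primary connections.
DEFINITIONS = {
    "HTTP":           [Connection("TCP", 80, 80, "Outbound")],
    "Custom Web App": [Connection("TCP", 80, 88, "Outbound")],
    "DNS":            [Connection("UDP", 53, 53, "Outbound"),
                       Connection("TCP", 53, 53, "Outbound")],
    "HTTP Server":    [Connection("TCP", 80, 80, "Inbound")],
    "Legacy Agent":   [Connection("UDP", 50, 60, "Outbound")],
}

def overlaps(a, b):
    """True when both connections can match the same traffic (assumed rule)."""
    return (a.ip_protocol == b.ip_protocol and a.direction == b.direction
            and a.port_low <= b.port_high and b.port_low <= a.port_high)

def find_overlapped_protocols(definitions):
    """Return (name_a, name_b, ip_protocol, direction, low, high) per overlap."""
    findings = []
    for (name_a, conns_a), (name_b, conns_b) in combinations(
            sorted(definitions.items()), 2):
        for a in conns_a:
            for b in conns_b:
                if overlaps(a, b):
                    findings.append((name_a, name_b, a.ip_protocol, a.direction,
                                     max(a.port_low, b.port_low),
                                     min(a.port_high, b.port_high)))
    return findings

def protocols_for(definitions, ip_protocol, port, direction):
    """Names of all definitions whose primary connections cover this traffic."""
    return sorted(
        name for name, conns in definitions.items()
        if any(c.ip_protocol == ip_protocol and c.direction == direction
               and c.port_low <= port <= c.port_high for c in conns))

if __name__ == "__main__":
    for finding in find_overlapped_protocols(DEFINITIONS):
        print("%s <-> %s: %s %s ports %d-%d" % finding)
```

Each finding marks a port where rules for more than one protocol can be processed for the same traffic, so those rules' relative order, secondary connections and application filters are worth reviewing together.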
The FPCProtocolDefinition object is an element of an FPCProtocolDefinitions collection, and a new object representing a protocol definition can be created by calling the Add method of this collection.
This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting an object's data to and importing it from an XML document.
The FPCProtocolDefinition object does not define any methods.
The FPCProtocolDefinition object defines the following properties.
Property | Description |
---|---|
 | Gets or sets a Boolean value that indicates whether the protocol is defined by an application filter. |
 | Gets an FPCRefs collection that contains references to the FPCApplicationFilter objects defining the application filters associated with the protocol. |
 | Gets or sets the description of the protocol. |
 | Gets the GUID that identifies the protocol. |
 | Gets or sets the name of the protocol. |
 | Gets a Boolean value that indicates whether the protocol is a predefined Forefront TMG protocol. |
 | Gets an FPCProtocolConnections collection that contains all of the protocol's primary connections. |
 | Gets the category of the protocol. |
 | Gets an FPCProtocolConnections collection that contains all of the protocol's secondary connections. |

The following methods are inherited from FPCPersist.

Name | Description |
---|---|
CancelWaitForChanges | Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only). |
CanImport | Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document. |
Export | Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML document. |
ExportToFile | Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML file. |
GetServiceRestartMask | Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect. |
Import | Recursively copies the values of all the properties of the object and of its subobjects from the specified XML document to persistent storage. |
ImportFromFile | Recursively copies the values of all the properties of the object and of its subobjects from the specified XML file to persistent storage. |
LoadDocProperties | Provides the XML document's properties so that you can know what information can be imported from the document. |
Refresh | Recursively reads the values of all the properties of the object and of its subobjects from persistent storage, overwriting any changes that have not been saved. |
Save | Recursively writes the current values of all the properties of the object and its subobjects to persistent storage. |
WaitForChanges | Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only). |

The following properties are inherited from FPCPersist.

Name | Description |
---|---|
PersistentName | Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy. |
VendorParameterSets | Gets an FPCVendorParametersSets collection that can hold sets of custom data for extending the object. |
This object implements the IFPCProtocolDefinition interface.
Client | Requires Windows Vista or Windows XP. |
---|---|
Server | Requires Windows Server 2008. |
Version | Requires Forefront Threat Management Gateway (TMG). |
IDL | Declared in Msfpccom.idl. |
Build date: 11/30/2009
© 2008 Microsoft Corporation. All rights reserved.