FPCProtocolDefinition Object

The FPCProtocolDefinition object represents a single protocol that is supported by the Microsoft Firewall service. This object can represent one of the predefined protocols that come with Forefront TMG, a user-defined protocol, or a protocol installed with an application filter.

A protocol definition may include a set of primary connections, a set of secondary connections, and a set of application filters that are associated with the protocol. Each connection, in turn, is defined by the name of an IP protocol, a port number or a range of port numbers, and a direction, which may be outbound or inbound.

Protocol definitions are used in policy rules (FPCPolicyRule objects). For access rules, the primary connections specified in a protocol definition are usually defined as outbound. These connections allow traffic from the network entities specified as the rule sources to the network entities specified as the rule destinations. For server publishing rules, the primary connections specified in a protocol definition must be defined as inbound. These connections allow traffic from the network entities specified as the network sources to the published service on the server.

A policy rule can allow or deny traffic only for the protocols with which it is associated. For access rules, including system policy rules, these protocols are referenced by the FPCRefs collection held in the SpecifiedProtocols property, and for server publishing rules, the associated protocol is referenced by the FPCRef object held in the PublishedProtocol property. When a policy rule allows traffic, the Firewall service checks the definition of the protocol being used and passes the traffic to all the application filters associated with the protocol definition for further scrutiny.

A protocol definition that is created and installed by an application filter is disabled when the application filter is disabled, and all traffic that uses the protocol is blocked.

The primary connections in protocol definitions may associate multiple protocols with the same port. When traffic is sent to a port that is associated with multiple (overlapped) protocols, the first policy rule that matches the traffic for each protocol is found, and the rule that is highest in the list of rules is applied. In addition, all the rules for the applicable protocols in the ordered list of rules are processed, their secondary connections are added to the session, and the application filters associated with them are invoked until an access rule that denies traffic is encountered.
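The overlap handling described above can be modeled as follows, which is useful when auditing a policy for definitions that share a port. This is an added example, not Microsoft's code and not the Forefront TMG API: the class and function names are hypothetical, the sample definitions, filters and rules are constructed, and the model ignores rule sources, destinations and secondary connections.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Connection:                 # one primary connection of a definition
    ip_protocol: str              # "TCP" or "UDP"
    port_low: int
    port_high: int
    direction: str                # "outbound" or "inbound"

    def covers(self, ip_protocol, port, direction):
        return (self.ip_protocol == ip_protocol and self.direction == direction
                and self.port_low <= port <= self.port_high)

@dataclass
class ProtocolDef:
    name: str
    primary: list
    app_filters: list = field(default_factory=list)

@dataclass
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    protocols: list               # names of the protocol definitions it references

def overlapped(defs, ip_protocol, port, direction):
    """Definitions whose primary connections cover the given traffic."""
    return [d for d in defs
            if any(c.covers(ip_protocol, port, direction) for c in d.primary)]

def evaluate(defs, rules, ip_protocol, port, direction):
    """Return (name of applied rule or None, application filters invoked)."""
    hits = {d.name: d for d in overlapped(defs, ip_protocol, port, direction)}
    applied, filters = None, []
    for rule in rules:            # ordered list, highest rule first
        matched = [p for p in rule.protocols if p in hits]
        if not matched:
            continue
        applied = applied or rule  # highest matching rule is the one applied
        if rule.action == "deny":
            break                 # processing stops at a rule that denies
        for p in matched:
            filters += [f for f in hits[p].app_filters if f not in filters]
    return (applied.name if applied else None), filters

# Constructed sample data: two definitions overlap on outbound TCP port 80.
DEFS = [ProtocolDef("HTTP", [Connection("TCP", 80, 80, "outbound")], ["FilterA"]),
        ProtocolDef("CustomWeb", [Connection("TCP", 80, 81, "outbound")], ["FilterB"])]
RULES = [Rule("Allow CustomWeb", "allow", ["CustomWeb"]),
         Rule("Allow HTTP", "allow", ["HTTP"]),
         Rule("Deny HTTP", "deny", ["HTTP"])]
```

With the sample data, traffic to outbound TCP port 80 is governed by the higher "Allow CustomWeb" rule while the filters of both overlapped definitions are invoked; reversing the rule order makes the deny rule apply before any filter runs.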

The FPCProtocolDefinition object is an element of an FPCProtocolDefinitions collection, and a new object representing a protocol definition can be created by calling the Add method of this collection.

Inheritance

This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting an object's data to and importing it from an XML document.

Methods

The FPCProtocolDefinition object does not define any methods.

Properties

The FPCProtocolDefinition object defines the following properties.

Property Description
ApplicationFilterDefined Gets or sets a Boolean value that indicates whether the protocol is defined by an application filter.
ApplicationFilters Gets an FPCRefs collection that contains references to the FPCApplicationFilter objects defining the application filters associated with the protocol.
Description Gets or sets the description of the protocol.
Guid Gets the GUID that identifies the protocol.
Name Gets or sets the name of the protocol.
Predefined Gets a Boolean value that indicates whether the protocol is a predefined Forefront TMG protocol.
PrimaryConnections Gets an FPCProtocolConnections collection that contains all of the protocol's primary connections.
ProtocolCategory Gets the category of the protocol.
SecondaryConnections Gets an FPCProtocolConnections collection that contains all of the protocol's secondary connections.

Methods Inherited from FPCPersist

Name Description
CancelWaitForChanges Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only).
CanImport Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document.
Export Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML document.
ExportToFile Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML file.
GetServiceRestartMask Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect.
Import Recursively copies the values of all the properties of the object and of its subobjects from the specified XML document to persistent storage.
ImportFromFile Recursively copies the values of all the properties of the object and of its subobjects from the specified XML file to persistent storage.
LoadDocProperties Provides the XML document's properties so that you can know what information can be imported from the document.
Refresh Recursively reads the values of all the properties of the object and of its subobjects from persistent storage, overwriting any changes that have not been saved.
Save Recursively writes the current values of all the properties of the object and its subobjects to persistent storage.
WaitForChanges Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only).

Properties Inherited from FPCPersist

Name Description
PersistentName Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy.
VendorParameterSets Gets an FPCVendorParametersSets collection that can hold sets of custom data for extending the object.

Interfaces for C++ Programming

This object implements the IFPCProtocolDefinition interface.

Requirements

Client Requires Windows Vista or Windows XP.
Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).
IDL Declared in Msfpccom.idl.

See Also

COM Objects

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.