EmulateClientBind Method of the IFWXSession Interface

The EmulateClientBound method allows a client that did not create a remote bind to receive a primary inbound connection.


HRESULT EmulateClientBind(
  [in]   LPSOCKADDR ClientAddress,
  [in]   DWORD ClientAddressLength,
  [in]   LPSOCKADDR ProxyAddress,
  [in]   DWORD ProxyAddressLength,
  [in]   INT Protocol,
  [in]   REFGUID ProtocolGuid,
  [out]  IFWXConnection** piConnection,
  [in]   BOOL fInternalAddressTranslation



Pointer to a sockaddr structure that contains the address that the client used.


Length, in bytes, of the ClientAddress parameter.


Pointer to a sockaddr structure that contains the address to which the filter is to emulate a bind. This is usually an external IP address of the Forefront TMG computer and a specific port number. The EmulateClientBind method does not actually bind to that address. The address is used for the bind event generated.


Length, in bytes, of the ProxyAddress parameter.


Protocol flag. This parameter can have the following flag values:

Value Meaning


The request is for a TCP socket.


The request is for a UDP socket.


GUID identifying the protocol that the connection is part of.


Address of an interface pointer that on return points to the resulting IFWXConnection interface.


Boolean value that indicates whether the translation of external addresses to internal addresses is to be enabled for the inbound connection.

Return Value

This method returns S_OK if the call is successful; otherwise, it returns an error code.


This method should be called by a filter whose purpose is to enable a specific protocol. The filter uses this method when it needs to forward a primary connection made from an external source to a local computer that did not make a remote bind through the Microsoft Firewall service. For example, this could be a local computer that is not a Firewall client.

This method will usually be called by a filter that is listening on some well-known port when it receives a connection. The filter decides (based on the source address, data exchange with the caller, a hard-coded address, and so on) that this call should be forwarded to some internal client.

The filter cannot use the BindForClient method because the well-known port is already in use and the connection was already made.

This method creates a connection object on which the caller can call the IFWXConnection::EmulateConnection method and forward the connection to the client.

Like other bind requests, any filter registered for the fwx_Bind_* events is notified about this bind and has an opportunity to deny it. It may also install a data filter. Other filters cannot emulate this bind because the caller is already emulating it.


Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).

Declared in Wspfwext.idl.


Requires Wspsrv.exe.

See Also


Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.