RedirectConnections Method of the IFWXSession Interface

The RedirectConnections method enables connections by using a local, internal Microsoft Firewall service address.


HRESULT RedirectConnections(
  [in]			LPSOCKADDR ConnectAddresses[],
  [in]			DWORD ConnectAddressLength,
  [in]			DWORD dwNumberOfAddresses,
  [out]		 LPSOCKADDR InternalAddress,
  [in, out]	 LPDWORD InternalAddressLength,
  [in]			LPSOCKADDR ProxyExternalAddress,
  [in]			DWORD ProxyExternalAddressLength,
  [in]			INT Protocol,
  [in]			DWORD dwFlags,
  [in]			REFGUID ProtocolGuid,
  [in, optional]  IFWXSessionFilter* pSessionFilter,
  [in, optional]  IUnknown* punkContext,
  [out]		 IFWXFirewallAction* FirewallActionArray[]



Pointer to an array of pointers to sockaddr structures that contain the addresses to which the client connections will be redirected.


Length, in bytes, of the addresses pointed to by the ConnectAddresses parameter.


Number of addresses in the ConnectAddresses array.


The socket address on the Forefront TMG internal interface where the client should connect. This value is updated by the Firewall service.


Length, in bytes, of the InternalAddress parameter.


Pointer to a sockaddr structure that contains the Forefront TMG computer's external address used for the connection. This is useful in the case of multihomed Forefront TMG computers. Requesting a specific address ensures that a secondary connection uses the same IP address as the primary connection. This parameter can be NULL, defaulting to INADDR_ANY and 0 (any port).


Length, in bytes, of the ProxyExternalAddress structure.


Protocol flags. This parameter can have the following flag values:

Value Meaning


The connection will use a TCP socket.


The connection will use a UDP socket.


Connection flags. This parameter can be a combination of the following values:

Value Meaning


By default, a single outbound connection is expected. If this flag is specified, multiple connections to the same address will be possible.


The client is expected to use the permission shortly after the call. If the client does not make the connection, the permission automatically expires.


Each connection goes through user-mode code, regardless of whether kernel mode could be used for the connection.


The receive buffer will be increased to 64 kilobytes. This flag should be set to prevent packet loss if high-bandwidth packet bursts occur in a secondary UDP connection.


GUID that identifies the protocol that the connection is part of.


Pointer to the IFWXSessionFilter interface. Use with the punkContext parameter to receive an event of type fwx_EstablishedConnection (as defined in the FxwFirewallEventType enumerated type) from the Firewall service.


Provides user context information regarding the connection. Use with the pSessionFilter parameter to receive an event of type fwx_EstablishedConnection from the Firewall service. This parameter can be NULL. Specify NULL if notification of fwx_EstablishedConnection events is not required, or if you do not need to pass any context information.


Pointer to an array of IFWXFirewallAction interface pointers. The array is filled with pointers to IFWXFirewallAction interfaces to the firewall action objects created by this call. The array contains dwNumberOfAddresses pointers.

Return Value

This method returns S_OK if the call is successful; otherwise, it returns an error code.


This method is intended for use by filters that act as an application proxy that has to establish secondary connections and give the same address as the primary connection for the secondary connection.

Filters for Firewall clients and for SecureNAT clients usually use AllowFutureConnect instead.

Calling this method causes all filters that are registered for connect events on the appropriate port to be notified. If no data filters are installed, a kernel-mode NAT redirection may result.


Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).

Declared in Wspfwext.idl.


Requires Wspsrv.exe.

See Also


Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.