The Microsoft Firewall Service and Firewall Clients

A Firewall client captures a Windows Sockets (Winsock) API call in a client application and redirects it to the Microsoft® Firewall service, which makes the actual call. There are two connections: one on the private network from the client computer to the Forefront TMG computer and one over the Internet from the Internet host to the Forefront TMG computer.

The Firewall service consists of two parts: a dynamic-link library (DLL) running on the Firewall client and a service running on the Forefront TMG computer.

When the Firewall Client software is installed on the client computer, it installs two .dll files. The files intercept Winsock API calls from applications on the client and forward them to the Forefront TMG computer by using a control channel.

The control channel manages remote Winsock messages, and is designed to do the following:

The Firewall Client DLL is initialized when the first Winsock connection is attempted. A control channel with the Firewall service is established, and then designated as active through the channel. If Firewall client support is enabled for the Internal network, the set of IP address ranges included in the Internal network is copied from the server to the Firewall client's LAT for determining which destinations are on the Internet and which are local.

Note  The Firewall service makes use of the Windows Sockets 2.0 service provider interface (SPI) to implement a layered service provider (LSP). For more information about LSPs, see MSDN.

Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.