Filter Setup

An application filter must be installed locally on a Forefront TMG server where it will be invoked. The installation process must include copying the binary files of the application filter to the Forefront TMG server and registering the application filter as a COM server and as an extension of the Microsoft Firewall service in the stored Forefront TMG configuration. The installation process can include steps that define protocols, events, alerts, and other elements in the Forefront TMG configuration. Each time that the Firewall service starts on a Forefront TMG server, it creates an instance of the registered COM object that implements the IFWXFilter interface, known as the filter object, for each application filter that is installed and enabled on the computer. The Forefront TMG Management extension for an application filter should be installed in a completely separate process that includes copying its DLL to the Forefront TMG server and registering it as an extension.

When an Enterprise Management Server (EMS) is deployed, application filters and protocols can be registered in the stored Forefront TMG configuration on the enterprise level and on the array level. Registering application filters in the array configuration is required for enforcing their policy in the array. Registering application filters in the enterprise configuration is optional, but an application filter that is registered in the enterprise configuration benefits from the following features:

  • Vendor parameters sets that are attached to the application filter object and enterprise nodes are available to all Forefront TMG computers in all arrays in the enterprise.
  • Protocols that are defined in the enterprise configuration can be associated with the application filter in the enterprise configuration.
  • The application filter can be enabled or disabled in the enterprise configuration. If the application filter is enabled in the enterprise configuration, the enterprise setting is applied to each array, and the filter cannot be disabled in an array configuration. If the application filter is disabled in the enterprise configuration, it can be enabled or disabled in an array configuration.

Note: Enterprise-level configuration settings are available only in Forefront TMG Enterprise Edition. Forefront TMG Standard Edition is always installed as a standalone server in a configuration containing one array that is associated with a single Forefront TMG server.

Build date: 7/12/2010