Firewall Events

Firewall events are events that the Microsoft Firewall service triggers in response to occurrences of specific types. When the Firewall service initializes an application filter, the filter must register the types of events for which it should receive notifications. The first time the Firewall service raises an event for which an application filter is registered in a specific user session, it attaches the application filter to that session, and the application filter creates an instance of its session filter object for the session. The Firewall service then notifies the filter about subsequent events for which the filter is registered in the same user session by calling the event handler implemented in the session filter object. This way, the application filter can monitor a session for events where a filter response, such as data filtering, might be needed. For more information about the event notification process in application filters, see Filter Object Model.

The following types of firewall events are defined in the FwxFirewallEventType enumerated type.

  • fwx_Connect_Tcp
    Request to connect to a TCP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxConnectEvent structure.

  • fwx_Udp_Destination
    Request to connect to or send data to a UDP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxUdpDestination structure.

  • fwx_Bind_Tcp
    Request to bind to a TCP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxBindEvent structure.

  • fwx_Bind_Udp
    Request to connect to a UDP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxBindEvent structure.

  • fwx_Listen
    Request to listen on a TCP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxListenEvent structure.

  • fwx_AcceptedConnection
    Arrival of an inbound connection on a listening TCP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxAcceptEvent structure.

  • fwx_GetHostByName
    Call to the gethostbyname function by a Forefront TMG Client or Firewall Client computer. This event is not generated for a SecureNAT client. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxGetHostByNameEvent structure.

  • fwx_GetHostByAddr
    Call to the gethostbyaddr function by a Forefront TMG Client or Firewall Client computer. This event is not generated for a SecureNAT client. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxGetHostByAddrEvent structure.

  • fwx_ConnectionTerminating
    Existence of a connection object that will be deleted when all references to it are released. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxEndConnectionEvent structure.

  • fwx_EstablishedConnection
    Establishment of a connection as a result of a call to the IFWXSession::AllowFutureConnect, IFWXSession::BindForClient, or IFWXSession::RedirectConnections method. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxEstablishedConnectionEvent structure.

In general, these events are generated for Forefront TMG Client and Firewall Client computers as well as for SecureNAT clients.
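
The notification flow described above, as an added C++ model that is not Microsoft's code and does not use the real filter interfaces: `FirewallModel`, `SessionFilter`, `Raise`, and `ClientKind` are hypothetical names, and the enumerator values are constructed. It shows that a session filter object is created only on the first registered event in a session, and that a SecureNAT client never produces an fwx_GetHostByName notification.

```cpp
// Added model of the notification flow; this is NOT the Forefront TMG COM API.
// Enumerator names mirror the page; their numeric values here are constructed.
#include <cstdio>
#include <map>
#include <memory>
#include <set>
#include <utility>

enum EventType { fwx_Connect_Tcp, fwx_Listen, fwx_GetHostByName };
enum ClientKind { FirewallClient, SecureNAT };   // hypothetical names

// Hypothetical stand-in for the filter's per-session object.
struct SessionFilter {
    int handled = 0;
    void OnEvent(EventType) { ++handled; }       // stand-in for the event handler
};

class FirewallModel {
    std::set<EventType> registered_;             // chosen once, at filter initialization
    std::map<int, std::unique_ptr<SessionFilter>> attached_;  // session id -> object
public:
    explicit FirewallModel(std::set<EventType> reg) : registered_(std::move(reg)) {}

    // Returns true when the filter's handler was called for this event.
    bool Raise(int session, ClientKind client, EventType ev) {
        // Per the page: not generated for a SecureNAT client.
        if (ev == fwx_GetHostByName && client == SecureNAT) return false;
        if (!registered_.count(ev)) return false;  // unregistered: no notification, no attach
        std::unique_ptr<SessionFilter>& slot = attached_[session];
        if (!slot) slot.reset(new SessionFilter());  // first registered event: attach
        slot->OnEvent(ev);
        return true;
    }
    std::size_t AttachedSessions() const { return attached_.size(); }
    int Handled(int session) const {
        auto it = attached_.find(session);
        return it == attached_.end() ? 0 : it->second->handled;
    }
};

int main() {
    FirewallModel fw({fwx_Connect_Tcp, fwx_GetHostByName});
    fw.Raise(1, FirewallClient, fwx_GetHostByName);
    fw.Raise(2, SecureNAT, fwx_GetHostByName);   // never reaches the filter
    std::printf("sessions attached: %zu\n", fw.AttachedSessions());
    return 0;
}
```

A filter that relies on fwx_GetHostByName or fwx_GetHostByAddr to observe name resolution therefore sees nothing for SecureNAT clients and has to work from the connection events for them.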

Build date: 7/12/2010