Design Packet Filtering for DirectAccess

Updated: October 1, 2009

Applies To: Windows 7, Windows Server 2008 R2


This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide.

Packet filtering must be modified for multiple components on your network to allow the following types of traffic:

  • DirectAccess client traffic to and from DirectAccess servers on the Internet

  • DirectAccess server traffic to and from the intranet

  • Encapsulated DirectAccess client traffic to and from the intranet

  • Teredo discovery traffic for DirectAccess clients located behind network address translators (NATs)

  • Management server traffic to DirectAccess clients

The following topics describe the required packet filtering for each of these types of traffic: