About application filter protocols

Some application filters create and install new protocols. These protocols are complex protocols, meaning that they have secondary connections. By translating the ports used by these complex protocols, the application filter enables them, allowing traffic that uses these protocols to pass. The primary connections for these protocols function whether the application filter is enabled or not.

Other application filters filter traffic of existing protocols, whether user-defined or preconfigured by Microsoft Forefront Threat Management Gateway. When these application filters are disabled, the protocols that they filter are not disabled. For example, even if you disable the Simple Mail Transfer Protocol (SMTP) filter, SMTP traffic might still be allowed to pass, unfiltered.

You can apply one or more application filters to a protocol to control how that protocol is used. For example, Web Proxy Filter applies to the Hypertext Transfer Protocol (HTTP). When you disable Web Proxy Filter, Web filters no longer apply to the HTTP traffic matched by the rule. In addition, you can configure a protocol so that an application filter does not apply to it.

The following describes the process:

  1. The client opens a primary connection to a server on the Internet.
  2. The Forefront TMG computer notifies the filter about the connection.
  3. The filter examines the data that is flowing through the primary connection and determines which secondary connection the client is going to use.
  4. The filter informs the Forefront TMG computer to allow that particular secondary connection.
  5. The Forefront TMG computer opens the specific port, as indicated by the application filter.

Protocols installed with application filters cannot be modified, although they can be deleted. Protocol definitions with attached application filters usually do not have predefined secondary connections, because the filter determines the secondary connection dynamically, as described above.
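The five-step process above as a small simulation, added here as an example; it is not Forefront TMG or Microsoft code. The firewall model, the IP addresses and the FTP-style passive-mode reply used as the primary-connection data are constructed assumptions. With the filter enabled, the secondary port is opened only for the client/server pair that negotiated it; with the filter disabled, the primary connection still works but the secondary connection is denied.

```python
import re
from dataclasses import dataclass, field

# Constructed control-channel message: an FTP-style "227 Entering Passive
# Mode (h1,h2,h3,h4,p1,p2)" reply, where the data port is p1*256 + p2.
PASV_RE = re.compile(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_passive_reply(data):
    """Step 3: the filter reads the primary connection and finds the secondary port."""
    m = PASV_RE.search(data)
    if not m:
        return None
    p1, p2 = int(m.group(5)), int(m.group(6))
    return p1 * 256 + p2


@dataclass
class Firewall:
    """Toy model of the Forefront TMG computer (assumption, not the product's API)."""
    primary_ports: set = field(default_factory=set)   # ports allowed by protocol definition
    pinholes: set = field(default_factory=set)        # (client, server, port) opened by the filter
    filter_enabled: bool = True

    def allow_primary(self, port):
        self.primary_ports.add(port)

    def inspect(self, client, server, data):
        """Steps 2-5: notify the filter; open the port only if the filter asks for it."""
        if not self.filter_enabled:
            return None
        port = parse_passive_reply(data)
        if port is not None:
            self.pinholes.add((client, server, port))   # step 5: scoped to this pair only
        return port

    def permits(self, client, server, port):
        return port in self.primary_ports or (client, server, port) in self.pinholes


def scenario(filter_enabled):
    """Returns (primary allowed, secondary allowed, other client allowed on secondary)."""
    fw = Firewall(filter_enabled=filter_enabled)
    fw.allow_primary(21)                               # protocol definition: primary on 21
    client, server = "10.0.0.5", "198.51.100.7"        # constructed addresses
    primary_ok = fw.permits(client, server, 21)        # step 1: works regardless of filter
    fw.inspect(client, server, "227 Entering Passive Mode (198,51,100,7,195,80)\r\n")
    secondary_ok = fw.permits(client, server, 195 * 256 + 80)
    other_client_ok = fw.permits("10.0.0.9", server, 195 * 256 + 80)
    return primary_ok, secondary_ok, other_client_ok
```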