Notes Regarding Firewalls and Proxies

DirectPlay

 
Microsoft DirectX 9.0 SDK Update (Summer 2003)


Following the guidelines outlined for maximizing Network Address Translation (NAT) support will maximize your application's firewall and proxy support as well. A few issues specific to firewalls and proxies are described here.

Windows Internet Connection Firewall

Microsoft® DirectPlay® works with the Internet Connection Firewall capabilities of Microsoft Windows® XP. When your application begins hosting, enumerating, or connecting, the appropriate ports open automatically, and when your application shuts down, these ports close automatically. However, the user launching the application must be a member of the administrator group for the computer so that DirectPlay has the security permissions to open the ports. If the user is not an administrator, then only IDirectPlay8Client and IDirectPlay8Peer clients are supported.

You can disable the automatic Internet Connection Firewall traversal using the DPNA_KEY_TRAVERSALMODE device address component described in Basic NAT Issues for Peer Hosts, Basic NAT Issues for Peer Clients, Basic NAT Issues for Servers, and Basic NAT Issues for Clients.

Non-Microsoft Firewall Solutions

DirectPlay cannot automatically configure non-Microsoft firewalls. However, IDirectPlay8Client and IDirectPlay8Peer clients are generally supported without user intervention, unless the application relies on DirectPlay Server (DPNSVR). See Basic NAT Issues for Peer Clients or Basic NAT Issues for Clients for more information on avoiding DPNSVR.

The user should consult the product's documentation for information on how to allow hosts to traverse a particular non-Microsoft firewall.

Microsoft Internet Security and Acceleration Server

DirectPlay works with Microsoft Internet Security and Acceleration (ISA) Server. Clients that have the ISA Firewall Client software installed should not cancel the enumeration before connecting, and should pass the address objects from the DPN_MSGID_ENUM_HOSTS_RESPONSE callback as described in Basic NAT Issues for Peer Clients and Basic NAT Issues for Clients. If the enumeration is cancelled, the ISA Server can close the virtual connection established by the enumeration, and the call to IDirectPlay8Peer::Connect or IDirectPlay8Client::Connect will fail.

DPNSVR should also be avoided as described in Basic NAT Issues for Peer Hosts, Basic NAT Issues for Peer Clients, Basic NAT Issues for Servers, and Basic NAT Issues for Clients.

Hosts behind an ISA Server must manually configure the proxy to redirect traffic received externally to the internal host. Refer to the ISA Server documentation for information on defining server publishing and protocol rules.

Non-Microsoft Proxies

Applications should follow the guidelines described in Basic NAT Issues for Peer Hosts, Basic NAT Issues for Peer Clients, Basic NAT Issues for Servers, and Basic NAT Issues for Clients.

IDirectPlay8Client and IDirectPlay8Peer clients are generally supported; however, the user should refer to the product's documentation for possible restrictions.

Hosts behind a non-Microsoft proxy must manually configure the proxy to redirect traffic received externally to the internal host. The user should refer to the product's documentation for directions on how to enable port forwarding.


© 2003 Microsoft Corporation. All rights reserved.