3.6.4.5 QueryFirewallConfiguration (Opnum 7)

The QueryFirewallConfiguration method determines whether the firewall state of the server is compatible with use in a failover cluster. The firewall settings that constitute failover cluster compatibility are implementation-specific. When the server firewall enforces policies specified in [MS-FASP], the server SHOULD determine the firewall state according to how the group of rules is enabled, as specified later in this section.

The server SHOULD support this method even if the server Initialization State is FALSE.

 HRESULT QueryFirewallConfiguration(
   [out] BOOLEAN* serverRulesEnabled,
   [out] BOOLEAN* mgmtRulesEnabled
 );

serverRulesEnabled: An output parameter that MUST be set on a successful return. The value MUST be TRUE if firewall settings are compatible with server-to-server communication in a failover cluster. When the server firewall enforces policies specified in [MS-FASP], the server SHOULD set this value to TRUE if the group of rules with the localized name "Failover Clusters" is enabled.

  Value               Meaning
  ------------------  ----------------------------------------------------------------
  TRUE (-128 — -1)    Firewall settings allow the traffic specified previously.
  FALSE (0)           Firewall settings do not allow the traffic specified previously.
  TRUE (1 — 128)      Firewall settings allow the traffic specified previously.

mgmtRulesEnabled: An output parameter that MUST be set on a successful return. The value MUST be TRUE if firewall settings are compatible with failover cluster management components. When the server firewall enforces policies specified in [MS-FASP], the server SHOULD set this value to TRUE if the group of rules with the localized name "Failover Cluster Manager"<29> is enabled.

  Value               Meaning
  ------------------  ----------------------------------------------------------------
  TRUE (-128 — -1)    Firewall settings allow the traffic specified previously.
  FALSE (0)           Firewall settings do not allow the traffic specified previously.
  TRUE (1 — 128)      Firewall settings allow the traffic specified previously.

Return Values: A signed 32-bit value that indicates return status. If the method returns a negative value, it has failed. Zero or positive values indicate success, with the lower 16 bits in positive nonzero values containing warnings or flags defined in the method implementation. For more information about Win32 error codes and HRESULT values, see [MS-ERREF] sections 2.2 and 2.1.

  Return value/code   Description
  ------------------  ----------------------------------------------------------------
  0x00000000 S_OK     The call was successful.

For any other condition, this method MUST return a value that is not one of the values listed in the preceding table. The client MUST behave in one consistent, identical manner for all values that are not listed in the preceding table.

Exceptions Thrown: No exceptions are thrown beyond those thrown by the underlying RPC protocol [MS-RPCE].

The opnum field value for this method is 7.

When processing this call the server MUST do the following:

  • Query the firewall state for the server to determine whether the Firewall Rules that meet the serverRulesEnabled category are present and enabled.

  • Query the firewall state for the server to determine whether the Firewall Rules that meet the mgmtRulesEnabled category are present and enabled.

Return the following information to the client:

  • serverRulesEnabled and mgmtRulesEnabled set as described previously.
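The following client-side sketch is an added example, not part of the protocol specification or of any Microsoft implementation. It shows one way a validation client could interpret the results defined above: only S_OK is treated as success, every other return value gets the same single treatment, the output parameters are read only after success, and any nonzero BOOLEAN counts as TRUE. All names prefixed with qfc_ or QFC_ are hypothetical, and the sample values in main() are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* S_OK is the only return value listed for this method. */
#define QFC_S_OK ((int32_t)0)

/* Hypothetical verdicts for a client-side validation tool. */
typedef enum {
    QFC_UNKNOWN = 0,      /* return value was not S_OK: outputs are not trusted */
    QFC_COMPATIBLE,       /* both rule groups reported enabled */
    QFC_SERVER_RULES_OFF, /* serverRulesEnabled was FALSE */
    QFC_MGMT_RULES_OFF,   /* mgmtRulesEnabled was FALSE */
    QFC_BOTH_OFF          /* both were FALSE */
} qfc_verdict;

/* Per the value tables: 0 is FALSE, every nonzero value is TRUE. */
static int qfc_is_true(int raw) { return raw != 0; }

qfc_verdict qfc_interpret(int32_t hr, int server_raw, int mgmt_raw)
{
    /* One consistent treatment for every value other than S_OK, negative or
       positive. The [out] values are only required to be set on a successful
       return, so they are ignored here instead of being read as "enabled". */
    if (hr != QFC_S_OK)
        return QFC_UNKNOWN;

    int server = qfc_is_true(server_raw);
    int mgmt = qfc_is_true(mgmt_raw);
    if (server && mgmt)
        return QFC_COMPATIBLE;
    if (!server && !mgmt)
        return QFC_BOTH_OFF;
    return server ? QFC_MGMT_RULES_OFF : QFC_SERVER_RULES_OFF;
}

int main(void)
{
    /* Constructed samples: { HRESULT, serverRulesEnabled, mgmtRulesEnabled }. */
    const int32_t samples[][3] = {
        { 0, 1, 1 },            /* S_OK, both TRUE */
        { 0, -1, 0 },           /* S_OK, TRUE encoded as -1, mgmt FALSE */
        { -2147024891, 1, 1 },  /* failure HRESULT 0x80070005: outputs ignored */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> verdict %d\n", i,
               (int)qfc_interpret(samples[i][0], (int)samples[i][1], (int)samples[i][2]));
    return 0;
}
```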