Filtering sublayer identifiers

The Windows Filtering Platform (WFP) sublayer identifiers are each represented by a GUID.

These identifiers are defined as follows.

FWPM_SUBLAYER_EDGE_TRAVERSAL / FWPM_SUBLAYER_TEREDO

Edge traversal filters are added to this sublayer.

Note

For Windows 7 and later, use FWPM_SUBLAYER_EDGE_TRAVERSAL.

FWPM_SUBLAYER_INSPECTION

This is the lowest weighted sublayer. It is used only for inspection filters.

FWPM_SUBLAYER_IPSEC_DOSP

IPsec DoS Protection filters are added to this sublayer.

Note

Available only on Windows Vista with SP1, Windows Server 2008, and later.

FWPM_SUBLAYER_IPSEC_FORWARD_OUTBOUND_TUNNEL

IPsec forward outbound tunnel filters are added to this sublayer.

Note

Available only on Windows 7, Windows Server 2008 R2, and later.

FWPM_SUBLAYER_IPSEC_TUNNEL

IPsec tunnel filters are added to this sublayer.

FWPM_SUBLAYER_LIPS

Legacy IPsec filters are added to this sublayer.

FWPM_SUBLAYER_RPC_AUDIT

RPC audit filters are added to this sublayer. These filters audit RPC incoming calls as part of C2 and common criteria compliance.

FWPM_SUBLAYER_SECURE_SOCKET

Secure socket filters are added to this sublayer.

FWPM_SUBLAYER_TCP_CHIMNEY_OFFLOAD

TCP Chimney Offload filters are added to this sublayer.

FWPM_SUBLAYER_TCP_TEMPLATES

TCP template filters are added to this sublayer.

Note

Available only on Windows 8, Windows Server 2012, and later.

FWPM_SUBLAYER_UNIVERSAL

This sublayer hosts all filters that are not assigned to any of the other sublayers.

FWPM_SUBLAYER_IPSEC_SECURITY_REALM

Microsoft IPsec security realm filters are added to this layer. See IPsec security realm.

FWPM_SUBLAYER_MPSSVC_WSH

Windows Service Hardening filters are added to this sublayer.

FWPM_SUBLAYER_MPSSVC_WF

Windows Firewall filters are added to this layer. These filters include those from rules added through Windows Firewall.

FWPM_SUBLAYER_MPSSVC_QUARANTINE

Windows Quarantine filters are added to this sublayer. Quarantine layer filters apply when an IP Interfaces is ‘quarantined’ – when the IP Interface is changing state and Windows is resolving its Firewall Profile.

FWPM_SUBLAYER_MPSSVC_EDP

Windows Enterprise Data Protection filters are added to this sublayer. This is now called Windows Information Protection. See Protect your enterprise data by using WIP.

FWPM_SUBLAYER_MPSSVC_TENANT_RESTRICTIONS

Microsoft Tenant Restrictions version 2 filters are added to this sublayer. See Set up tenant restrictions v2.

FWPM_SUBLAYER_MPSSVC_APP_ISOLATION

Windows Application Isolation filters are added to this sublayer. These filters apply to applications running in an App-Container and requires App-Container network capabilities.

Requirements

Requirement	Value
Minimum supported client	Windows Vista [desktop apps only]
Minimum supported server	Windows Server 2008 [desktop apps only]
Header	Fwpmu.h