Configuring IPsec settings
In addition to the profiles, there is a tab for IPsec Settings in the Properties dialog box, as shown in Figure 3. Internet Protocol Security (IPsec) ensures that communication between two points on a network is secured. For example, some point-to-point virtual private network (VPN) connections use IPsec to secure the tunnels created between locations. These settings will most likely be configured through Group Policies on enterprise networks; for most smaller organizations, you will not need to adjust these settings.
The IPsec Settings tab is shown in Figure 4.
This dialog box allows configuration of the following settings:
- IPsec Defaults: Connection settings used when active security rules exist
- IPsec Exemptions: Allows ICMP traffic to be exempt from IPsec security
- IPsec Tunnel Authorization: Specifies user accounts and computers that are authorized to establish tunneled connections
If you want to change IPsec Defaults, tap or click Customize. You can change the following settings:
- Key Exchange (Main Mode): Defines the algorithm used to exchange keys during connection configuration. Selecting Advanced allows the selection of security algorithms and the configuration of the key lifetimes in minutes or by number of sessions.
- Data Protection (Quick Mode): The default Quick Mode uses built-in encryption algorithms to secure IPsec connections. Selecting Advanced and then tapping or clicking Customize opens another dialog box, in which you can select both the amount of data integrity and the encryption that is applied to network packets and add or select other encryption algorithms for network devices.
- Authentication Method: Determines the authentication type IPsec and Windows Firewall support. Options include:
Configuring inbound rules
Windows Firewall with Advanced Security enables you to control inbound and outbound traffic separately. Inbound traffic is any traffic that accesses a computer. For example, a computer configured with an inbound rule to allow echo responses for ICMP traffic would respond to a ping.
When inbound rules are selected, all the previously configured rules are listed. Enabled rules have a green icon next to the rule name, and disabled rules have a dimmed icon next to the rule name.
Apps that are installed with Windows 8 and access the Internet have preconfigured rules in Windows Firewall. An example is the rule for Mail, Calendar, and People. These applications are Windows 8–native apps and install with the operating system. The inbound firewall rule for these applications is shown in Figure 5.
There might be certain configurations in which modifying existing rules is necessary, which you can do by opening the Properties page for the rule and editing the settings. Some settings within predefined rules cannot be edited.
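The inbound rule list described above can also be inventoried from PowerShell, which makes it easier to see which enabled rules actually admit traffic before you modify any of them. This is an added example, not part of the original text; it uses the NetSecurity module cmdlets included with Windows 8, and the report column names are chosen here for illustration.

```powershell
# Added example: inventory of inbound rules in the active firewall policy.
Import-Module NetSecurity

# ActiveStore is the policy in effect: local rules plus any from Group Policy.
$inbound = Get-NetFirewallRule -Direction Inbound -PolicyStore ActiveStore

$report = foreach ($rule in $inbound) {
    # Filters hold the match conditions shown on the rule's Properties tabs.
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    $addr = $rule | Get-NetFirewallAddressFilter

    [pscustomobject]@{
        Name       = $rule.DisplayName
        Group      = $rule.DisplayGroup      # empty when the rule belongs to no group
        Enabled    = $rule.Enabled.ToString()
        Action     = $rule.Action.ToString()
        Profile    = $rule.Profile.ToString()
        Protocol   = $port.Protocol          # for example TCP, UDP, ICMPv4, Any
        LocalPort  = ($port.LocalPort -join ',')
        Program    = $app.Program
        RemoteAddr = ($addr.RemoteAddress -join ',')
    }
}

# Enabled versus disabled rules (the green and dimmed icons in the console).
$report | Group-Object Enabled | Select-Object Name, Count

# Enabled Allow rules that apply on the Public profile and accept any remote
# address: the entries to review first when tightening inbound access.
$report |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' -and
        $_.Profile -match 'Any|Public' -and $_.RemoteAddr -eq 'Any'
    } |
    Sort-Object Group, Name |
    Format-Table Name, Group, Protocol, LocalPort, Program -AutoSize
```

Run it from an elevated PowerShell session; rules delivered by Group Policy appear in the output because the query reads the active policy rather than only the local store.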