Allowing the secure connection
One of the actions that can be specified when creating a new inbound rule is Allow The Connection If It Is Secure (see Figure 5). This option is useful when an incoming connection needs to be authenticated before it can be allowed.
When this option is selected in the New Inbound Rule Wizard, tap or click Customize to expose additional options for authenticated users, along with an exceptions list of specific user accounts for which the rule will be skipped.
The options available here are:
- Allow The Connection If It Is Authenticated And Integrity-Protected: This option allows the connection to succeed only if the initiating party is authenticated and the connection is secured by IPsec. This type of connection is available for Windows Vista and later Microsoft operating systems.
- Require The Connection To Be Encrypted: This connection type forces the connection to be encrypted to ensure privacy of information.
- Allow The Connection To Use Null Encapsulation: This option allows an authenticated connection, but integrity is not required.
- Override Block Rules: This option allows the rule to be overridden for services that must remain available.
To configure new inbound rules, complete the following steps:
- Locate Windows Firewall by searching for Firewall on the Start screen and selecting Settings.
- Tap or click Windows Firewall in the list of results.
- Select Advanced Settings in the navigation pane.
- Select Inbound Rules from the navigation pane.
- In the Actions pane, select New Rule.
- On the first page of the New Inbound Rule Wizard, select the type of rule to create:
  - Program: A rule that controls access and connections for a program
  - Port: A rule that controls access to a specific port
  - Predefined: A rule that controls connections for a Windows Experience
  - Custom: A rule with custom options
- After selecting the rule type, tap or click Next to continue.
  Depending on the type of rule selected, the next page asks for information about the item to be tracked by the rule. For example, selecting a port rule type asks port-related questions.
- Select the type of port to configure the rule against, TCP or UDP.
- Select the scope of the rule, All Local Ports or Specific Local Ports.
- Enter the specific port number to be monitored by the rule.
- Tap or click Next to continue.
- Select an action for the rule to take:
  - Allow The Connection: Connections on the monitored ports are allowed, secured or not.
  - Allow The Connection If It Is Secure: Secure connections to the monitored ports are allowed.
  - Block The Connection: Connections to the monitored ports will be blocked.
- Tap or click Next to continue.
- Select the firewall profiles to which this rule should belong from the following:
  - Domain: Applies when the computer is connected to a corporate domain
  - Private: Applies when the computer is connected to a private network
  - Public: Applies when the computer is connected to a public network
- Tap or click Next to continue.
- Enter a name and description for the rule.
- Tap or click Finish to save and enable the new rule.
Note
SELECTING PROFILES FOR FIREWALL RULES
Profiles are not mutually exclusive, and a rule can be applied by more than one profile.
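
The same port rule with the Allow The Connection If It Is Secure action can be created from an elevated PowerShell prompt using the NetSecurity cmdlets included with Windows 8 and later. This is an added example, not part of the original text. The function name, rule name, port number and description are constructed for illustration, and it assumes an IPsec connection security rule already exists to negotiate authentication.

```powershell
# Added example (not from the original text). Run elevated on Windows 8 or later.
# Assumption: a connection security (IPsec) rule is already in place; a
# firewall rule that requires authentication only matches IPsec-protected traffic.
function New-SecureInboundPortRule {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [int]    $Port,
        [ValidateSet('TCP', 'UDP')]
        [string] $Protocol = 'TCP',
        # The three Customize choices described above (hypothetical names).
        [ValidateSet('AuthenticatedAndIntegrityProtected', 'Encrypted', 'NullEncapsulation')]
        [string] $Security = 'AuthenticatedAndIntegrityProtected',
        [ValidateSet('Domain', 'Private', 'Public')]
        [string[]] $FirewallProfile = @('Domain'),
        [string] $Description = 'Constructed example rule'
    )

    # Map the wizard option to the cmdlet's -Authentication / -Encryption values.
    $secure = switch ($Security) {
        'AuthenticatedAndIntegrityProtected' { @{ Authentication = 'Required' } }
        'Encrypted'         { @{ Authentication = 'Required'; Encryption = 'Required' } }
        'NullEncapsulation' { @{ Authentication = 'NoEncap' } }
    }

    # Port rule, Specific Local Ports, action Allow (only if secure).
    New-NetFirewallRule -DisplayName $DisplayName -Description $Description `
        -Direction Inbound -Protocol $Protocol -LocalPort $Port `
        -Profile $FirewallProfile -Action Allow @secure
}

# Constructed sample: require encrypted connections to TCP 8443
# on the Domain and Private profiles.
New-SecureInboundPortRule -DisplayName 'Example - secure TCP 8443' -Port 8443 `
    -Security Encrypted -FirewallProfile Domain, Private

# Review what was stored: the security filter carries the authentication and
# encryption requirements, and the rule lists every profile it belongs to.
Get-NetFirewallRule -DisplayName 'Example - secure TCP 8443' |
    Select-Object DisplayName, Enabled, Profile, Action
Get-NetFirewallRule -DisplayName 'Example - secure TCP 8443' |
    Get-NetFirewallSecurityFilter |
    Select-Object Authentication, Encryption, OverrideBlockRules
```

Remove the sample rule afterwards with Remove-NetFirewallRule -DisplayName 'Example - secure TCP 8443'.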