By default, all three firewall profiles are enabled on Windows
computers. You can change the state of any profile or configure its
properties by right-clicking on the root node in the Windows
Firewall with Advanced Security snap-in and selecting Properties.
Doing this opens the Windows Firewall with Advanced Security
properties shown in Figure 2.
You can use this properties dialog box to configure the
following properties for the selected profile:
- Firewall State: You use this setting to enable or disable
  Windows Firewall with Advanced Security for the selected profile.
  Microsoft recommends that you always leave this set to On.
- Inbound Connections: You use this setting to configure how
  Windows Firewall with Advanced Security handles incoming traffic.
  These are the three available options:
  - Block: Blocks all connections that do not have firewall rules
    that explicitly allow the connection.
  - Block All Connections: Blocks all connections, regardless of
    any firewall rules that explicitly allow the connection.
  - Allow: Allows the connection unless there is a firewall rule
    that explicitly blocks the connection.

  The default value for the inbound connections property is
  Block. This means that if an inbound rule for the profile
  explicitly allows a certain type of incoming traffic, any
  traffic matching that rule will be accepted by the host. But if
  a certain type of incoming traffic does not match any of the
  inbound rules for the profile, that type of traffic will not be
  accepted by the host.
- Outbound Connections: You use this setting to configure how
  Windows Firewall with Advanced Security handles outgoing traffic.
  The only two options available here are Block and Allow. The
  default setting for the Outbound Connections property is Allow,
  which means that all traffic leaving the host is allowed to pass
  through the firewall unless an explicit outbound rule prohibits
  this for a certain type of outgoing traffic.
- Protected Network Connections: This setting opens a dialog box
  you can use to specify which network connections should be
  protected by the rules associated with the selected profile. For
  example, on a multihomed computer with two network connections to
  different networks of type private, the dialog box for the private
  profile would display two check boxes. By default, both private
  networks would be protected, but by clearing the check boxes you
  can disable this protection for either or both networks.
The Settings and Logging options are described in the next two
sections.
Configuring profile settings
Clicking Customize in the Settings section of a profile’s
properties opens the dialog box shown in Figure 3, which you can
use to specify other settings that control the behavior of Windows
Firewall with Advanced Security. For example, you can do the
following:
- Specify whether Windows Firewall with Advanced Security
  should display a notification to the user when a program on the
  user’s computer is blocked from receiving inbound connections.
  When such a notification is displayed, the user can select an
  option that unblocks the program as long as the user has
  sufficient privileges (belongs to the local Administrators or
  Network Configuration Operators security group). When the user
  chooses to unblock a program, an inbound program rule for the
  program is automatically created on the user’s computer.
- Allow unicast responses to multicast or broadcast requests.
  This lets Windows Firewall with Advanced Security wait several
  seconds for unicast responses from other computers to which the
  local computer has sent multicast or broadcast messages.
- Rule merging allows users who are members of the local
  Administrators or Network Configuration Operators security group
  on the computer to create and apply local rules that are merged
  together with any rules being applied to the computer by Group
  Policy.
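
The profile properties and settings described above can also be read from PowerShell. The following read-only audit script is an added example, not part of the original text; it assumes the NetSecurity module's Get-NetFirewallProfile cmdlet (Windows 8 / Windows Server 2012 or later), and the mapping of dialog options to cmdlet properties given in the comments.

```powershell
# Added example: compare the effective firewall profile configuration with the
# defaults described in the text (state On, inbound Block, outbound Allow).
# Read-only; run in an elevated PowerShell session.
$expected = @{
    Enabled               = 'True'
    DefaultInboundAction  = 'Block'
    DefaultOutboundAction = 'Allow'
}

# ActiveStore holds the effective policy: local settings merged with Group Policy.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

$report = foreach ($p in $profiles) {
    $findings = @()
    foreach ($name in $expected.Keys) {
        $actual = [string]$p.$name
        # NotConfigured means the Windows default applies, so it is not a deviation.
        if ($actual -ne 'NotConfigured' -and $actual -ne $expected[$name]) {
            $findings += "$name is $actual (expected $($expected[$name]))"
        }
    }

    # AllowInboundRules = False is the "Block All Connections" inbound option:
    # inbound traffic is dropped even when an allow rule matches.
    if ([string]$p.AllowInboundRules -eq 'False') {
        $findings += 'Block All Connections is active; inbound allow rules are ignored'
    }

    # Interfaces cleared under Protected Network Connections are listed here.
    $unprotected = @($p.DisabledInterfaceAliases) |
        Where-Object { $_ -and $_ -ne 'NotConfigured' }
    if ($unprotected) {
        $findings += "Profile not applied to: $($unprotected -join ', ')"
    }

    [pscustomobject]@{
        Profile          = $p.Name
        NotifyOnBlock    = $p.NotifyOnListen                  # user notification
        UnicastResponse  = $p.AllowUnicastResponseToMulticast # unicast replies
        LocalRuleMerging = $p.AllowLocalFirewallRules         # rule merging
        Findings         = if ($findings) { $findings -join '; ' } else { 'matches defaults' }
    }
}

$report | Format-List
```

A profile reported with LocalRuleMerging enabled is one where rules created locally, including those generated when a user unblocks a program from the notification, take effect alongside Group Policy rules.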