Clicking Customize in the Logging section of a profile’s
properties opens the dialog box shown in Figure 4, which you use
to specify how Windows Firewall with Advanced Security logging
operations will behave for the selected profile. For example, you
can do the following:
-
Specify a location for the firewall log file to be
saved.
-
Specify the maximum size in KBs to which the log file can
grow. Once the log file reaches this size, the file has
“.old”appended to its file name and a second file is created.
When the second file reaches the maximum size, the existing
*.old file is deleted and the second file becomes the new *.old
file.
-
Specify whether a log entry should be created when Windows
Firewall with Advanced Security disallows a connection for any
reason. These entries can be identified by the word “DROP”in the
Action field.
-
Specify whether a log entry should be created when Windows
Firewall with Advanced Security allows an inbound connection for
any reason. These entries can be identified by the word
“ALLOW”in the Action field.
Note
Firewall operational logs
Another useful source for viewing information about firewall
policy changes for Windows Firewall with Advanced Security is the
operational log found here in Event Viewer:
Applications and Services Logs/Microsoft/Windows/Windows Firewall with
Advanced Security/Firewall
You can also enable the FirewallVerbose operational log if
you need more detailed information about firewall policy
events.
Configuring profiles using Windows PowerShell
You can also use Windows PowerShell to view and configure
settings for firewall profiles. For example, you can use the
Get-NetFirewallProfile cmdlet to display the currently active
settings for the domain profile on the local computer like
this:
PS C:> Get-NetFirewallProfile -Name Domain -PolicyStore ActiveStore
Name : Domain
Enabled : True
DefaultInboundAction : Block
DefaultOutboundAction : Allow
AllowInboundRules : True
AllowLocalFirewallRules : True
AllowLocalIPsecRules : True
AllowUserApps : True
AllowUserPorts : True
AllowUnicastResponseToMulticast : True
NotifyOnListen : False
EnableStealthModeForIPsec : True
LogFileName : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes : 4096
LogAllowed : False
LogBlocked : False
LogIgnored : True
DisabledInterfaceAliases :
To modify any of these profile settings, use the
Set-NetFirewallProfile cmdlet. For help on using this cmdlet, type
Get-Help Set-NetFirewallProfile in
the Windows PowerShell console.
Note
MORE INFO Windows Firewall
with Advanced Security cmdlets
To display a list of all Windows Firewall with Advanced
Security cmdlets in the NetSecurity module for Windows PowerShell,
type Get-Command –Module
NetSecurity in the Windows PowerShell console.
