Managing Advanced Firewall Policy

When it comes to maintaining good security on our PCs, nothing is more important than a firewall. The Windows Firewall is extremely good, and there’s almost never any need to replace it with a third-party option. It’s boosted further by the inclusion of a Windows Firewall with Advanced Security panel, which you can open by searching for firewall in the Start Menu.

The Advanced Firewall is standard Microsoft Management Console fare, with the usual three-column layout. In the top left of the window, you will see options to create Inbound, Outbound, and Connection Security rules. The right column contains context-sensitive options that will change depending on what is highlighted and what you are doing.

Clicking the Inbound Rules or Outbound Rules section displays a list of every rule currently defined, with details of whether each rule is enabled or not. A New Rule link also appears in the top right of the window; click it to create a new firewall rule for the PC. There are four different types of rule you can create.

  • Program rules are those associated with a specific Win32 app on your PC; Store apps are not managed here. You may find that you have a specific app on your PC which is being blocked by the firewall, or one that you wish to block. You can allow or deny network access for the app here.

  • Port is for allowing or denying access to specific communication ports on the PC. You may, for example, have a Virtual Private Network (VPN) solution that requires specific ports to be open and accessible on the PC, or you may specifically want to block ports used by file-sharing torrent apps.

  • Predefined rules are ones that have already been configured by Microsoft to cover a wide range of business scenarios. These include rules that cover the BranchCache and Hyper-V features of the OS, along with Remote Access and Media Playback.

  • Custom rules are defined in a very similar way to Program rules, but they also allow you to define rules that include specific Microsoft or third-party services.
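The four rule types above map directly onto the NetSecurity PowerShell cmdlets that back the New Rule wizard. The following is an added example, not code from the original article: it creates one rule of each kind and then reads them back. The display names, the program path, the port numbers and the subnet are illustrative assumptions; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original article). Every name, path and port
# below is an illustrative assumption; adjust to the app or service you manage.
# Requires an elevated (Run as administrator) PowerShell session.

# 1. Program rule: stop a specific Win32 app from making outbound connections.
New-NetFirewallRule -DisplayName 'Block ExampleApp (outbound)' `
    -Direction Outbound -Action Block `
    -Program 'C:\Program Files\ExampleApp\example.exe' `
    -Profile Any `
    -Description 'Added example: deny example.exe any outbound traffic.'

# 2. Port rule: allow an inbound VPN listener on TCP 1194 (placeholder port),
#    but only on the Domain and Private profiles, never on Public networks.
New-NetFirewallRule -DisplayName 'Allow VPN listener TCP 1194' `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 1194 `
    -Profile Domain,Private

# 3. Port rule: block outbound traffic to a placeholder torrent port range.
New-NetFirewallRule -DisplayName 'Block torrent port range' `
    -Direction Outbound -Action Block `
    -Protocol TCP -RemotePort 6881-6889

# 4. Custom rule scoped to a Windows service rather than an executable:
#    only the Windows Time service (w32time) may send NTP on UDP 123.
New-NetFirewallRule -DisplayName 'Allow W32Time NTP' `
    -Direction Outbound -Action Allow `
    -Service w32time -Protocol UDP -RemotePort 123

# Predefined rules already exist as rule groups; list one instead of
# re-creating it (group display names are localised; English shown here).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Select-Object DisplayName, Direction, Enabled, Profile

# Verify the rules just created: name, direction, action, state and profiles.
Get-NetFirewallRule -DisplayName 'Block ExampleApp (outbound)',
                                 'Allow VPN listener TCP 1194',
                                 'Block torrent port range',
                                 'Allow W32Time NTP' |
    Select-Object DisplayName, Direction, Action, Enabled, Profile |
    Format-Table -AutoSize
```

Rules created this way appear in the Advanced Firewall console immediately and can be edited there like any other; restricting an inbound Allow rule to the Domain and Private profiles, as in rule 2, is the setting most often missed when a rule is created through the wizard.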

You can examine and change the properties for any Firewall rule by double-clicking it to display its properties panel. There is a wealth of information and a great many configuration options here for the firewall, including a plain text description of what the rule is, and what it is used for.

In the rule properties panel, you can view and manage the following aspects of the rule:

  • Action allows or blocks the connection, or allows it only over a secure network connection, such as a VPN.

  • Programs and Services lets you define which apps, Application Packages (which include Store apps), and Services the rule applies to.

  • Remote Computers allows you to define rules that will allow remote connections only from specific PCs, or that will not apply if a specific PC is connected. These can be useful for managing strong security during Remote Desktop sessions.

  • Protocols and Ports is where you set the communications protocol type (such as TCP or IPv6) and the communications ports to which the rule applies.

  • Scope allows you to limit access through the rule to specific IP addresses or an IP address range.

  • Advanced is where you specify whether the rule applies to each of the domain, private, and public network connection types, and where other options that don’t fall into the other categories reside.

  • Local Principals/Remote Users are similar to the Remote Computers options, except that they restrict access to specific local and remote users.
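Each tab of the properties panel is backed by a filter object attached to the rule, which is what makes auditing these settings across many rules practical. The following is an added example, not code from the original article: it reads every tab of the built-in Remote Desktop rule, tightens its Scope and profile, and then reports inbound Allow rules that are still open to any remote address on the Public profile. The English rule name is the built-in one; the 10.0.50.0/24 management subnet is an illustrative assumption. Run elevated.

```powershell
# Added example (not from the original article). The management subnet is an
# illustrative assumption; the rule name is the English name of the built-in
# Remote Desktop rule. Requires an elevated PowerShell session.

$rule = Get-NetFirewallRule -DisplayName 'Remote Desktop - User Mode (TCP-In)'

# Read each properties tab through its filter object.
$rule | Get-NetFirewallPortFilter        | Select-Object Protocol, LocalPort, RemotePort      # Protocols and Ports
$rule | Get-NetFirewallAddressFilter     | Select-Object LocalAddress, RemoteAddress          # Scope
$rule | Get-NetFirewallApplicationFilter | Select-Object Program, Package                     # Programs and Services
$rule | Get-NetFirewallServiceFilter     | Select-Object Service                              # Programs and Services
$rule | Get-NetFirewallSecurityFilter    | Select-Object Authentication, Encryption,
                                                         RemoteMachine, RemoteUser, LocalUser # Remote Computers / Users
$rule | Select-Object Profile, Action, Enabled                                                # Advanced / Action

# Tighten the Scope tab: accept RDP only from the management subnet, and only
# on the Domain profile (the profile checkboxes on the Advanced tab).
$rule | Set-NetFirewallRule -RemoteAddress '10.0.50.0/24' -Profile Domain

# Audit: enabled inbound Allow rules that apply to Public (or Any) and whose
# Scope still permits any remote address. These are the rules to review first.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { "$($_.Profile)" -match 'Public|Any' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($addr.RemoteAddress -eq 'Any') {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
                Profile   = $_.Profile
            }
        }
    } | Format-Table -AutoSize
```

Set-NetFirewallRule changes the live rule, so the console's properties panel will show the new Scope and profile values straight away; the audit loop is the same check you would otherwise perform by opening each rule's Scope and Advanced tabs by hand.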

Connection Security rules determine the security policies used for network and Internet connections that need to be tightly controlled. These include Tunnel (VPN) connections, direct server-to-server communications, and cases where authentication between the different computers can be overridden.
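A Connection Security rule on its own only negotiates IPsec protection; it is the matching firewall rule's "allow the connection if it is secure" action that refuses traffic which was not authenticated. The following is an added example, not code from the original article, showing the two halves together for inbound SMB on a domain-joined machine. The rule names, the 10.0.0.0/8 range, and reliance on the default computer Kerberos authentication sets are illustrative assumptions. Run elevated.

```powershell
# Added example (not from the original article). Names and the address range
# are illustrative assumptions; authentication uses the default sets, which on
# a domain-joined machine means computer Kerberos. Requires an elevated session.

# Connection Security rule (IPsec): inbound TCP 445 from the given range must be
# authenticated; outbound traffic only requests protection, so peers without
# IPsec are not cut off by this rule alone.
New-NetIPsecRule -DisplayName 'Require IPsec for inbound SMB' `
    -Description 'Added example: authenticate SMB peers with IPsec.' `
    -Mode Transport `
    -InboundSecurity Require -OutboundSecurity Request `
    -Protocol TCP -LocalPort 445 `
    -RemoteAddress '10.0.0.0/8' `
    -Profile Domain

# Firewall rule: the "allow the connection if it is secure" action is
# -Authentication Required. Unauthenticated SMB is dropped even though the
# port is otherwise open.
New-NetFirewallRule -DisplayName 'Allow SMB only if IPsec-secured' `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 445 `
    -Authentication Required `
    -Profile Domain

# Verify both rules, then watch main-mode security associations appear as
# authenticated peers connect.
Get-NetIPsecRule -DisplayName 'Require IPsec for inbound SMB' |
    Select-Object DisplayName, InboundSecurity, OutboundSecurity, Enabled
Get-NetFirewallRule -DisplayName 'Allow SMB only if IPsec-secured' |
    Get-NetFirewallSecurityFilter |
    Select-Object Authentication, Encryption
Get-NetIPsecMainModeSA | Format-List
```

If no security association ever appears, the firewall rule is silently blocking every peer; check the Connection Security Rules node and the Monitoring > Security Associations view in the console before loosening the firewall rule.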