Configuring Firewall Profiles and IPsec Settings by Using Group Policy

To configure firewall profiles on targeted computers using Group Policy, right-click the firewall policy node in your GPO and select Properties to display the properties for the firewall policy. For each firewall profile (domain, private, and public), you can use the tab for the profile to perform the following tasks:

  • Enable or disable the firewall state for that profile.
  • Configure default rules for inbound and outbound connections.
  • Configure whether users should receive notifications when firewall rules for that profile block inbound connections.
  • Configure whether a unicast response should be allowed for broadcast or multicast traffic.
  • Configure whether rule merging should be enabled or disabled for firewall and/or connection security rules (this can only be configured using Group Policy).
  • Configure firewall logging for traffic filtered by that profile.

Note: You can use the netsh advfirewall monitor show currentprofile command in Windows 7 to display all currently active firewall profiles on the computer and also the networks assigned to each active profile.
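To confirm on a targeted computer that the per-profile settings from the GPO took effect, the output of netsh advfirewall show allprofiles can be checked against a baseline. The Python below is an added example, not part of the original text; it assumes English-language output, the sample text is constructed, and the baseline values are illustrative assumptions.

```python
import re

# Constructed sample modeled on English `netsh advfirewall show allprofiles` output.
SAMPLE = """
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
InboundUserNotification               Enable

Logging:
LogDroppedConnections                 Disable

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       AllowInbound,AllowOutbound

Logging:
LogDroppedConnections                 Enable
"""

# Assumed baseline for illustration (not from the page): setting -> predicate.
BASELINE = {
    "State": lambda v: v.upper() == "ON",
    "Firewall Policy": lambda v: v.lower().startswith("blockinbound"),
    "LogDroppedConnections": lambda v: v.lower() == "enable",
}

def parse_profiles(text):
    """Return {profile: {setting: value}} parsed from the command output."""
    profiles, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\w+) Profile Settings:\s*$", line)
        if header:
            current = profiles.setdefault(header.group(1), {})
            continue
        # Fields are "Name<2+ spaces>Value"; names may contain single spaces.
        field = re.match(r"^(\S+(?: \S+)*?)\s{2,}(.+?)\s*$", line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return profiles

def audit(text):
    """Return sorted (profile, setting, actual) tuples that miss the baseline."""
    rows = [(p, k, s.get(k, "<missing>"))
            for p, s in parse_profiles(text).items() for k in BASELINE]
    return sorted(r for r in rows if not BASELINE[r[1]](r[2]))
```

A setting absent from a profile's output is reported with the value <missing>, so a truncated or unexpected output format fails the audit instead of passing silently.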

The IPsec tab of this properties sheet can be used to configure default and system-wide IPsec settings on the targeted computers. Examples of settings you can configure here include:

  • IPsec Defaults: Clicking Customize opens other dialog boxes that allow you to configure the default key exchange methods, data protection algorithms, and authentication methods used by IPsec. These default settings are used for new connection security rules that you create. However, when you create a connection security rule, you can also override the default authentication methods specified here.
  • IPsec Exemptions: This option determines whether ICMP traffic should be protected by IPsec. Because ICMP is used by many network troubleshooting tools, exempting such traffic from IPsec can ensure that such troubleshooting tools function as intended.
  • IPsec Tunnel Authorization: New in Windows 7, this option determines whether you can specify authorized and exempted users and computers for IPsec tunnel connections to the computer. Selecting Advanced and clicking Customize opens a dialog box that lets you specify two types of information:
    • Authorized computers, users, or groups of computers or users
    • Exempted computers, users, or groups of computers or users
    Note that any authorizations and exemptions you specify here apply only to tunnel rules for which the Apply IPsec Tunnel Authorization option is selected when the tunnel rule is created.

For more information on configuring firewall profiles and IPsec settings, see the following sections of the TechNet Library:

  • "Configuring a Profile"
  • "Configuring IPsec Settings"
  • "Windows Firewall with Advanced Security Properties Page"