Improvements to Windows Firewall Introduced Previously in Windows Vista

The introduction of Windows Firewall with Advanced Security in Windows Vista represented a significant advance over the Windows Firewall introduced earlier in Windows XP Service Pack 2 (SP2). The following new or enhanced features were added to Windows Firewall with Advanced Security in Windows Vista:

• Windows Filtering Platform Windows Filtering Platform (WFP) is the engine that implements packet-filtering logic for Windows Firewall. WFP is accessible through a collection of public application programming interfaces (APIs) that allow Windows Firewall and third-party firewall applications to hook into the networking stack and the same filtering logic used by Windows Firewall. For more information concerning this feature, see the section titled "Understanding the Windows Filtering Platform" later in this tutorial.
• Windows Service Hardening Windows Service Hardening (WSH) helps prevent misuse of Windows services by detecting and blocking abnormal behavior. For more information concerning this feature, see the section titled "Understanding Windows Service Hardening" later in this tutorial.
• Location-aware profiles Windows Firewall in Windows XP supported only two types of firewall profiles: domain and standard. Windows Vista expanded the number of firewall profiles to three (domain, private, and public) and uses Network Location Awareness (NLA) to determine whether the computer is joined to an Active Directory Domain Services (AD DS) domain or is connected to a private network behind a gateway, a Network Address Translation (NAT) router, or a security device such as a firewall.
• Configurable firewall rules Firewall rules in Windows Vista are much more configurable than in Windows XP and allow filtering of any protocol number.
• Outbound filtering Beginning with Windows Vista, you can create firewall rules for filtering outbound traffic. This allows administrators to control which applications can send traffic onto the network.
• Full IPv6 support Windows Firewall with Advanced Security in Windows Vista fully supports filtering IPv6 network traffic.
• IPsec integration Windows Firewall with Advanced Security in Windows Vista integrates IPsec protection with firewall filtering through the use of connection security rules and global IPsec settings for key exchange (main mode), data protection (quick mode), and authentication methods. For more information concerning IPsec integration with Windows Firewall, see the section titled "Understanding Connection Security Rules" later in this tutorial.
• Authenticated bypass rules In Windows Vista, you can create authenticated bypass rules for specific computers to enable connections from those computers to bypass other firewall rules. This allows you to block certain types of traffic while allowing authenticated computers to bypass the block. You can also create firewall rules that filter by computer, user, or group in AD DS. For more information concerning this feature, see the section titled "Authenticated Bypass Rules" later in this tutorial.