Troubleshooting Windows Filtering Platform and IPsec Issues Using Netsh Trace
New in Windows 7 is the netsh trace command context, which can be used to activate logging and tracing on the computer for advanced troubleshooting of Windows Firewall and IPsec issues in conjunction with CSS. This new Netsh context replaces the Logman.exe command used in previous versions of Windows. To use netsh trace for troubleshooting a Windows Firewall or IPsec communications issue that you are experiencing on a computer, follow these steps:
- Start a trace session using one of the following commands:
  - netsh trace start scenario=WFP-IPsec
    Starts a trace session for the predefined Windows Filtering Platform and IPsec scenario.
  - netsh trace start provider="Microsoft-Windows-Windows Firewall With Advanced Security"
    Starts a trace session for troubleshooting issues involving firewall rules using the Microsoft-Windows-Windows Firewall With Advanced Security provider.
  - netsh trace start provider="Microsoft-Windows-WFP"
    Starts a trace session for troubleshooting IPsec communications issues using the Microsoft-Windows-WFP provider.
- Reproduce the Windows Firewall or IPsec communications problem that you have been experiencing on the computer.
- Type netsh trace stop to stop tracing.
The result of performing these steps is a NetTrace.etl file and a NetTrace.cab file located at %UserProfile%\AppData\Local\Temp\NetTraces.
The .cab file contains a number of different files that contain information collected during the trace. Once you have collected this information, you can send it to Microsoft support personnel, who can decode the information and help you troubleshoot your issue. You can also view this information yourself by extracting the files contained in the .cab file and then opening the Report.html file, one of the extracted files.
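The procedure above, from starting the trace to opening Report.html, as a single PowerShell script. This is an added example, not part of the original tutorial; it assumes an elevated prompt and the default output path given above, and the extraction folder name NetTrace-extracted is hypothetical.

```powershell
# Added example: run the WFP-IPsec trace, then unpack NetTrace.cab and open the report.
# netsh trace requires administrator rights, so check for elevation first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# Default output location named in the text.
$traceDir = Join-Path $env:USERPROFILE 'AppData\Local\Temp\NetTraces'
$cabPath  = Join-Path $traceDir 'NetTrace.cab'
$outDir   = Join-Path $traceDir 'NetTrace-extracted'   # hypothetical folder name

# Step 1: start the predefined Windows Filtering Platform and IPsec scenario.
netsh trace start scenario=WFP-IPsec
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)." }

try {
    # Step 2: reproduce the firewall or IPsec problem while the trace is running.
    Read-Host 'Trace running. Reproduce the problem, then press Enter' | Out-Null
}
finally {
    # Step 3: always stop the session, even if the script is interrupted,
    # so that tracing is not left running on the computer.
    netsh trace stop
}
if ($LASTEXITCODE -ne 0) { throw "netsh trace stop failed (exit code $LASTEXITCODE)." }

if (-not (Test-Path $cabPath)) { throw "Expected file was not created: $cabPath" }

# Extract every file from the cabinet with the built-in expand.exe.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
expand.exe $cabPath -F:* $outDir | Out-Null
if ($LASTEXITCODE -ne 0) { throw "expand.exe failed (exit code $LASTEXITCODE)." }

# Report.html is one of the extracted files; open it in the default browser.
$report = Get-ChildItem -Path $outDir -Filter 'Report.html' -Recurse |
          Select-Object -First 1
if ($report) {
    Invoke-Item $report.FullName
} else {
    Write-Warning "Report.html was not found under $outDir."
}
```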
More Info: More information on troubleshooting Windows Firewall and IPsec issues can be found in the TechNet Library at http://technet.microsoft.com/en-us/library/cc771597.aspx.