Understanding Rules

Windows Firewall with Advanced Security uses rules to control the behavior of network traffic passing between the local computer and the network. A rule is basically a collection of settings that controls the behavior of a specific type of network traffic. Windows Firewall with Advanced Security allows you to create two types of rules:

• Firewall rules These rules control whether network traffic passing between the local computer and the rest of the network should be allowed or blocked. Firewall rules can be configured locally using the Windows Firewall with Advanced Security snap-in or on targeted computers by using Group Policy.
• Connection security rules These rules determine how network traffic passing between the local computer and other computers on the network should be protected using IPsec. Unlike firewall rules, which function unilaterally, connection security rules require that both computers involved have either a connection security rule or a compatible IPsec policy configured. Connection security rules can be configured locally using the Windows Firewall with Advanced Security snap-in or on targeted computers by using Group Policy.

Additional types of rules used by Windows Firewall with Advanced Security include:

• Default rules These rules define what action should be taken when a connection does not match any other rule. Default rules can be configured locally using the Windows Firewall with Advanced Security snap-in or on targeted computers by using Group Policy.
• WSH rules These built-in rules prevent services from establishing connections in ways other than those to which they were designed. WSH rules can be configured locally using APIs only; they cannot be configured using Group Policy.

The sections that follow explain these various types of rules in more detail and also describe other types of rules used by Windows Firewall with Advanced Security.