Understanding Rules
Windows Firewall with Advanced Security uses rules to control the behavior of network traffic passing between the local computer and the network. A rule is basically a collection of settings that controls the behavior of a specific type of network traffic. Windows Firewall with Advanced Security allows you to create two types of rules:
- Firewall rules These rules control whether network traffic passing between the local computer and the rest of the network should be allowed or blocked. Firewall rules can be configured locally using the Windows Firewall with Advanced Security snap-in or on targeted computers by using Group Policy.
- Connection security rules These rules determine how network traffic passing between the local computer and other computers on the network should be protected using IPsec. Unlike firewall rules, which function unilaterally, connection security rules require that both computers involved have either a connection security rule or a compatible IPsec policy configured. Connection security rules can be configured locally using the Windows Firewall with Advanced Security snap-in or on targeted computers by using Group Policy.
Additional types of rules used by Windows Firewall with Advanced Security include:
- Default rules These rules define what action should be taken when a connection does not match any other rule. Default rules can be configured locally using the Windows Firewall with Advanced Security snap-in or on targeted computers by using Group Policy.
- WSH rules These built-in rules prevent services from establishing connections in ways other than those to which they were designed. WSH rules can be configured locally using APIs only; they cannot be configured using Group Policy.
The sections that follow explain these various types of rules in more detail and also describe other types of rules used by Windows Firewall with Advanced Security.
In this tutorial:
- Configuring Windows Firewall and IPsec
- Understanding Windows Firewall with Advanced Security
- Improvements to Windows Firewall Introduced Previously in Windows Vista
- Additional Improvements to Windows Firewall in Windows 7
- Understanding the Windows Filtering Platform
- Windows Firewall and the Startup Process
- Understanding Windows Service Hardening
- Understanding Service SIDs
- Windows Firewall and WSH
- Windows Firewall and Service Triggers
- Understanding Multiple Active Firewall Profiles
- Understanding Rules
- Understanding Firewall Rules
- Inbound vs . Outbound Rules
- Allow vs . Block Rules
- Allow If Secure Rules
- Authenticated Bypass Rules
- Filtering Conditions FOR Firewall RULES
- Understanding Connection Security Rules
- Types of Connection Security Rules
- Supported IPsec Settings for Connection Security Rules
- Default IPsec Settings for Connection Security Rules
- Windows Firewall and Windows PE
- Understanding Default Rules
- Understanding WSH Rules
- Understanding Rules Processing
- Managing Windows Firewall with Advanced Security
- Tools for Managing Windows Firewall with Advanced Security
- Managing Windows Firewall Using Control Panel
- Managing Windows Firewall Using the Windows Firewall with Advanced Security Snap-in
- Managing Windows Firewall Using Group Policy
- Considerations When Managing Windows Firewall Using Group Policy
- Managing Windows Firewall Using the Netsh Command
- Common Management Tasks
- Enabling or Disabling Windows Firewall
- Configuring Firewall Profiles and IPsec Settings by Using Group Policy
- Creating and Configuring Firewall Rules
- Creating and Configuring Connection Security Rules
- Monitoring Windows Firewall
- Troubleshooting Windows Firewall
- Troubleshooting Windows Firewall Using Firewall Logs
- Troubleshooting Windows Firewall Using Event Logs
- Troubleshooting Windows Firewall Using Auditing
- Troubleshooting IPsec Issues Using Netsh Wfp
- Troubleshooting Windows Filtering Platform and IPsec Issues Using Netsh Trace