The Windows Firewall control panel applet provides the easiest and safest access to the firewall controls. These controls are usually sufficient for most server administrators, unless the system has special requirements or you are working with custom server applications.
When you open the Windows Firewall window from the control panel, as shown in Figure 6-20, you see the following information:
– Whether the computer is connected to a domain, private, or public network
– Whether the Windows Firewall service is turned on or off
– Whether inbound and outbound connections are blocked
– The name of the currently active network
– Whether users are notified when a program is blocked
FIGURE 6-20 The Windows Firewall control panel
On the left side of the window is a series of links, which provide the following functions:
– Allow An App Or Feature Through Windows Firewall: Opens the Allowed Apps dialog box, in which you can select the applications that can send traffic through the firewall
– Change Notification Settings: Opens the Customize Settings dialog box, in which you can adjust the notification settings for each of the three profiles
– Turn Windows Firewall On Or Off: Opens the Customize Settings dialog box, in which you can toggle the state of the firewall in each of the three profiles
– Restore Defaults: Returns all firewall settings to their installation defaults
– Advanced Settings: Launches the Windows Firewall With Advanced Security console
– Troubleshoot My Network: Launches the Network and Internet troubleshooter
Several of the links in the Windows Firewall window point to the same place: a Customize Settings dialog box that contains controls for some of the most basic firewall functions.
The Customize Settings dialog box, shown in Figure 6-21, is organized according to three areas, corresponding to the three profiles on a Windows computer. Windows Firewall uses these profiles to represent the type of network to which the server is connected. The profiles are as follows:
– Public: The public (or guest) profile is intended for servers that are accessible to unauthenticated or temporary users, such as computers in an open lab or kiosk.
– Private: The private profile is intended for servers on an internal network that are not accessible by unauthorized users.
– Domain: The domain profile is applied to servers that are members of an AD DS domain in which all users are identified and authenticated.
FIGURE 6-21 The Customize Settings dialog box for Windows Firewall
In Windows Firewall, the three profiles are essentially separate sets of rules that apply only to computers connected to the designated network type. Administrators can control the environment for each type of network by configuring separate rules and settings for each profile.
The Customize Settings dialog box has the following controls for each of the three network profiles:
– Turn On/Off Windows Firewall: Toggles the Windows Firewall on and off for the selected profile
– Block All Incoming Connections, Including Those In The List Of Allowed Apps: Enables you to increase the security of your system by blocking all unsolicited attempts to connect to your computer
– Notify Me When Windows Firewall Blocks A New App: Causes the system to notify the user when an application’s attempt to send traffic through the firewall fails
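The same per-profile settings can be read from PowerShell with the NetSecurity module included in Windows Server 2012 and later. The following read-only audit is an added example, not part of the original text; the function name Get-FirewallProfileAudit is hypothetical, and the mapping of dialog box labels to property names in the comments is this example's reading of them.

```powershell
# Added example: read-only audit of the per-profile settings that the
# Customize Settings dialog box exposes. Changes nothing on the system.
function Get-FirewallProfileAudit {
    # ActiveStore returns the effective settings, with Group Policy merged in.
    Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
        $findings = @()

        # "Turn On/Off Windows Firewall"
        if ($_.Enabled -ne 'True') {
            $findings += 'firewall is turned off'
        }
        # A default inbound action of Allow admits unsolicited connections
        # even when no rule matches them.
        if ($_.DefaultInboundAction -eq 'Allow') {
            $findings += 'default inbound action is Allow'
        }

        [pscustomobject]@{
            Profile           = $_.Name
            Enabled           = $_.Enabled
            DefaultInbound    = $_.DefaultInboundAction
            DefaultOutbound   = $_.DefaultOutboundAction
            # False corresponds to "Block All Incoming Connections, Including
            # Those In The List Of Allowed Apps" (assumed mapping).
            AllowInboundRules = $_.AllowInboundRules
            # "Notify Me When Windows Firewall Blocks A New App"
            NotifyOnListen    = $_.NotifyOnListen
            Findings          = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# One record per profile: Domain, Private, Public.
Get-FirewallProfileAudit | Format-List
```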
There are times when administrators might be required to modify the firewall settings in other ways, typically because a specific application requires access to a port not anticipated by the firewall’s default rules.
To do this, you can use the Allowed Apps dialog box in the Windows Firewall control panel, as shown in Figure 6-22.
FIGURE 6-22 The Allowed Apps dialog box for Windows Firewall
Opening up a port in a server’s firewall is an inherently dangerous activity. The more open doors you put in a wall, the greater the likelihood that intruders will get in. Windows Firewall provides two basic methods for opening a hole in your firewall: opening a port and allowing an application. Both are risky, but the latter is less so. This is because when you open a port by creating a rule in the Windows Firewall With Advanced Security console, the port stays open permanently. When you allow an application through the firewall by using the control panel, the specified port is open only while the program is running. When you terminate the program, the firewall closes the port.
Note: Previous versions of Windows refer to allowed applications as exceptions, meaning that they are exceptions to the general firewall rules closing off all the computer’s ports against intrusion. Exam candidates should be prepared to see questions containing either term.
The applications listed in the Allowed Apps dialog box are based on the roles and features installed on the server. Each listed application corresponds to one or more firewall rules, which the control panel activates and deactivates as needed.
Unlike earlier versions, the Windows Server 2012 R2 version of the Windows Firewall control panel does not provide direct access to port numbers. For more precise control over the firewall, you must use the Windows Firewall With Advanced Security console, which you can access by clicking Advanced Settings in the Windows Firewall control panel or by selecting it from the Tools menu in Server Manager.
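Although the control panel hides port numbers, the NetSecurity cmdlets expose them, which makes it possible to review which inbound openings are tied to a program and which are not. The following is an added example, not part of the original text; the function name Get-InboundAllowRuleScope is hypothetical, and it reads only the local policy store (the cmdlet default), so rules delivered by Group Policy are not included.

```powershell
# Added example: classify every enabled inbound allow rule by what it is
# bound to. Rules marked 'port only' admit traffic to the port no matter
# which process is listening, so they deserve the closest review.
function Get-InboundAllowRuleScope {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            # Each rule carries separate filter objects for port,
            # application, and service conditions.
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            $svc  = $_ | Get-NetFirewallServiceFilter

            $localPort = $port.LocalPort -join ','
            $bound = ($app.Program -ne 'Any') -or ($svc.Service -ne 'Any')

            $scope = if ($bound) {
                'program or service'
            } elseif ($localPort -ne 'Any') {
                'port only'
            } else {
                'any port, any program'
            }

            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = $localPort
                Program   = $app.Program
                Service   = $svc.Service
                Scope     = $scope
            }
        }
}

# Show the rules that are not restricted to a program or service.
Get-InboundAllowRuleScope |
    Where-Object { $_.Scope -ne 'program or service' } |
    Sort-Object Profile, LocalPort |
    Format-Table Rule, Profile, Protocol, LocalPort, Scope -AutoSize
```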
This article is part of the 70-410 Installing and Configuring Windows Server 2012 Prep course.