Working with the Advanced Firewall Settings in Vista

To work with the advanced settings in Windows Firewall, start by opening Administrative Tools and selecting Windows Firewall with Advanced Security. In the Overview pane you can see each profile category and how its settings look. The left pane allows you to view and create connection security rules. The Actions pane on the right provides context-sensitive options.

If you scroll down the Overview pane, you will see a link labeled Windows Firewall Properties. Selecting this link opens the Windows Firewall with Advanced Security on Local Computer dialog box. This dialog box has four tabs, one for each profile (Domain, Private, and Public) and one for IPSec configurations. Each of the profiles has the same types of settings, which makes learning what they do much easier. Here are the settings you can configure:

1) Firewall State: Turns the firewall on or off for the profile tab you are configuring.
2) Inbound Connections: Sets up one of three rules for your inbound connections. The Block (default) rule blocks connections that do not match any active rules. The Block All Connections rule ignores the rules and blocks everything. The Allow rule allows connections regardless of the firewall rules.
3) Outbound Connections: You can choose to Allow or Block connections that do not match the firewall rules.
4) Settings: Selecting the Customize button brings you to another dialog box with the following options:
   a) Display notifications to the user when a program is blocked from getting inbound communications
   b) Allow unicast response to multicast or broadcast network traffic
   c) Apply local firewall rules (applies only when working with Group Policy)
   d) Apply local connection security rules (applies only when working with Group Policy)
5) Logging: Selecting the Customize button lets you determine the location (the default is %windir%/pfirewall.log), the size of the log (the default is 4096 KB), whether dropped packets should be logged (the default is no), and whether successful connections should be logged (the default is no).

The Microsoft help documentation gives a fairly thorough explanation of the IPSec settings. The key points from the help docs that you should remember:

1) Key Exchange: To allow secure communication, two computers must be able to access the same shared key without transferring that key across the network. Clicking the Settings button lets you configure security methods, key exchange algorithms, and key lifetimes.
2) Data Protection: IPSec data protection defines the algorithms used to provide data integrity and encryption. Data integrity ensures that data is not modified during transfer. Windows Firewall with Advanced Security uses the Authentication Header (AH) or Encapsulating Security Payload (ESP) protocol to provide data protection. Data encryption protects data by hiding the information. Windows Firewall with Advanced Security uses the ESP protocol for data encryption.
3) Authentication Method: This setting allows you to choose the default authentication method for IPSec connections on the local computer, unless a different method is applied by a specific rule or by Group Policy settings. The out-of-box authentication method is Kerberos v5. You can also restrict connections to domain-joined computers or users, or to computers that have a certificate from a specified Certificate Authority (CA).
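The per-profile settings listed above can also be applied and checked from the command line with `netsh advfirewall`. The script below is an added example, not part of the original post; it assumes an elevated prompt and English `netsh` output labels, and turning on dropped-packet logging is the example's own choice, not a default.

```powershell
# Added example: netsh advfirewall equivalents of the profile-tab settings.
# Assumptions: elevated prompt, English netsh output labels.
$profiles = 'domainprofile', 'privateprofile', 'publicprofile'

function Invoke-Advfirewall([string[]]$NetshArgs) {
    # Native commands receive each array element as a separate argument.
    $out = & netsh advfirewall $NetshArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh advfirewall $($NetshArgs -join ' ') failed: $out"
    }
    $out
}

foreach ($p in $profiles) {
    # 1) Firewall State
    Invoke-Advfirewall 'set', $p, 'state', 'on' | Out-Null

    # 2) + 3) Inbound and Outbound Connections, given as one comma-joined value.
    #    Inbound:  blockinbound       = Block (default)
    #              blockinboundalways = Block All Connections
    #              allowinbound       = Allow
    #    Outbound: allowoutbound | blockoutbound
    #    Quoted so PowerShell passes it as a single token, not a two-item array.
    Invoke-Advfirewall 'set', $p, 'firewallpolicy', 'blockinbound,allowoutbound' | Out-Null

    # 4a) Notify the user when a program is blocked from inbound traffic.
    Invoke-Advfirewall 'set', $p, 'settings', 'inboundusernotification', 'enable' | Out-Null
    # 4c/4d (local firewall / connection security rules) can only be set
    # in a Group Policy store, so they are not touched here.

    # 5) Logging: keep the 4096 KB size, record dropped packets
    #    (the example's choice; the dialog default is "no").
    Invoke-Advfirewall 'set', $p, 'logging', 'maxfilesize', '4096' | Out-Null
    Invoke-Advfirewall 'set', $p, 'logging', 'droppedconnections', 'enable' | Out-Null

    # Read the profile back and show only the values that were just set.
    Write-Output "== $p =="
    Invoke-Advfirewall 'show', $p |
        Select-String 'State|Firewall Policy|InboundUserNotification|LogDroppedConnections|MaxFileSize'
}
```

The individual `netsh advfirewall` lines work unchanged in a plain Command Prompt if PowerShell is not installed.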