Introduction to the Windows 7 built-in firewall and how to configure multiple firewall policies

Source: Internet
Author: User

Since the introduction of the first built-in firewall (Internet Connection Firewall) in Windows XP, Microsoft has steadily improved the firewall capabilities of each subsequent system. The Windows Firewall in Windows 7, the latest client operating system, has been substantially improved: it provides more user-friendly features and works significantly better for mobile users. In this article, we describe the Windows Firewall in Windows 7 and how to configure it with multiple firewall policies.

  The history of Windows Firewall

The firewall in Windows XP provides only simple, basic functionality: it protects inbound traffic only, blocking any inbound connection that was not initiated locally, and it is turned off by default. In SP2 the firewall is turned on by default, and system administrators can enable it through Group Policy. The Vista firewall is built on the new Windows Filtering Platform (WFP) and adds the ability to filter outbound traffic through the Advanced Security MMC snap-in. In Windows 7, Microsoft has further adjusted the firewall to make it easier to use, especially on mobile computers, and to support multiple firewall policies.

  Windows 7 Firewall

As in Vista, the basic settings of the Windows 7 firewall are configured through Control Panel. Unlike Vista, you can also reach the advanced settings (including outbound connection filtering) through Control Panel, without creating an empty MMC console and adding a snap-in. Just click the Advanced settings link in the left pane, as shown in Figure 1.

Figure 1: In Windows 7, you can access advanced firewall settings through the Control Panel program

  More Networking options

The Vista firewall lets users choose between public and private networks, while in Windows 7 you have three choices: public, home, or work networks. Home and work networks are both considered private networks.

If you choose the "Home network" option, you can create a homegroup. In this case, Network Discovery is turned on automatically so that you can see other computers and devices on the network, and they can see your computer. Computers that belong to a homegroup can share picture, music, video, and document libraries, as well as hardware devices such as printers. If a library contains files or folders that you don't want to share, you can exclude them.

If you choose "Work network", Network Discovery is turned on by default, but you will not be able to create or join a homegroup. If you join the computer to a Windows domain (via Control Panel | System | Advanced System Settings | Computer Name tab) and it is authenticated by a domain controller, the firewall automatically treats the network as a domain network.

When you connect to a public wireless network or use mobile broadband in an airport, hotel, or café, you should choose "Public network". Network Discovery is then turned off by default, so other computers on the network cannot see your computer, and you cannot create or belong to a homegroup.

For all network types, the Windows 7 firewall by default blocks connections to programs that are not on the list of allowed programs. Windows 7 lets you configure the settings for each type of network separately, as shown in Figure 2.

Figure 2: Windows 7 allows you to configure settings separately for each type of network

  Multiple Active modes

In Vista, even if you have configured profiles for both public and private networks, only one of them is active at any given time. If your computer is connected to two different networks at the same time, this works badly: the strictest profile is applied to all connections, which means you may not be able to do everything you need on your local network because the public profile's rules are in force. In Windows 7 (and Server 2008 R2), a different profile can be active on each network adapter at the same time: connections to private networks use the private network rules, while traffic from the public network uses the public network rules.

  Small but important features

In many cases, small changes lead to much better usability, and Microsoft has been actively listening to users and has added some small but important features to the Windows 7 firewall. For example, in Vista, when you create a firewall rule, you need to list port numbers and IP addresses individually; now you only need to specify a range, which saves a lot of time on this common administrative task.

You can also create connection security rules in the firewall console to specify which ports or protocols are subject to IPsec requirements, without having to use Netsh commands. This is a handy improvement for those who prefer the GUI.

Connection security rules also support dynamic encryption: if a server receives an unencrypted (but authenticated) message from a client computer, it can require encryption to make the communication more secure.

  Configuring profiles in Advanced settings

Using the Advanced Settings console, you can set up profiles for each type of network, as shown in Figure 3.

Figure 3: You can use the Advanced Settings console to set up profiles for each type of network

For each profile, you can configure the following:

• Firewall state (Windows Firewall on or off)

• Inbound connections (block, block all connections, or allow)

• Outbound connections (allow or block)

• Display notifications (whether notifications are displayed when a program is blocked)

• Whether unicast responses are allowed for multicast or broadcast traffic

• Use local firewall rules created by local administrators, in addition to the Group Policy firewall rules

• Use local connection security rules created by local administrators, in addition to the Group Policy connection security rules
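
The same per-profile settings can be applied from an elevated prompt with `netsh advfirewall`. This is an added example, not part of the original article; the policy values chosen for each profile and the helper name `Invoke-Netsh` are illustrative assumptions.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows 7 or later.
# Inbound/outbound policy per profile. The values are illustrative choices.
# They are kept as quoted strings because a bare comma in PowerShell would
# split the value into two separate arguments.
$policy = @{
    domainprofile  = 'blockinbound,allowoutbound'
    privateprofile = 'blockinbound,allowoutbound'
    publicprofile  = 'blockinboundalways,allowoutbound'  # "block all connections"
}

function Invoke-Netsh {
    # Hypothetical helper: run netsh and stop on the first failure.
    $out = & netsh.exe $args 2>&1
    if ($LASTEXITCODE -ne 0) { throw "netsh $args failed: $out" }
    $out
}

foreach ($name in $policy.Keys) {
    # Firewall state for this profile
    Invoke-Netsh advfirewall set $name state on
    # Inbound and outbound connection defaults
    Invoke-Netsh advfirewall set $name firewallpolicy $policy[$name]
    # Notify the user when a program is blocked
    Invoke-Netsh advfirewall set $name settings inboundusernotification enable
    # Do not accept unicast responses to multicast or broadcast traffic
    Invoke-Netsh advfirewall set $name settings unicastresponsetomulticast disable
}

# The two "merge local rules" options (localfirewallrules, localconsecrules)
# are valid only when netsh is configuring a Group Policy store, so they are
# not set against the local store here.

# Review the resulting configuration of all three profiles.
Invoke-Netsh advfirewall show allprofiles
```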

  Log

The Vista firewall can be configured to log events to a file (by default, Windows\system32\logfiles\firewall\pfirewall.log). In Windows 7, events are also recorded under Applications and Services Logs in the Event Viewer, which makes them easier to access. To view this log, open the Event Viewer and, in the left pane, click Applications and Services Logs | Microsoft | Windows | Windows Firewall with Advanced Security, as shown in Figure 4.

Figure 4: The firewall event log in the Event Viewer in Windows 7

In the Event Viewer log, you can create a custom view, filter the log, search the log, or enable verbose logging.

  Netsh commands

Windows 7 still includes the backward-compatible netsh firewall context, but if you run a command that changes settings, you receive a message saying that "netsh firewall" is obsolete and that you should use "netsh advfirewall firewall" instead. To learn more about the new commands, see http://support.microsoft.com/kb/947709.
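
As an added illustration (not from the original article), the following shows a legacy port-opening command next to its `netsh advfirewall firewall` replacement, using the port and address ranges and per-profile scoping described earlier. The rule name, port range, and subnet are constructed values.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Legacy form, still accepted on Windows 7 but answered with the
# deprecation message:
#   netsh firewall add portopening TCP 8080 "Intranet app example"

$ruleName = 'Intranet app example'   # constructed name

# netsh allows several rules with the same name, so remove any earlier copy
# first to keep the script repeatable. "delete" fails when nothing matches,
# which is expected on the first run, so its result is ignored.
& netsh.exe advfirewall firewall delete rule "name=$ruleName" | Out-Null

# One inbound rule covering a port range, limited to one remote subnet and
# active only on the domain and private profiles. The profile list is quoted
# as a whole because a bare comma would be split by PowerShell into two
# arguments.
& netsh.exe advfirewall firewall add rule "name=$ruleName" `
    dir=in action=allow protocol=TCP localport=8080-8090 `
    remoteip=192.0.2.0/24 'profile=domain,private'
if ($LASTEXITCODE -ne 0) { throw 'Rule was not created' }

# Confirm what was stored, including profiles and address scope.
& netsh.exe advfirewall firewall show rule "name=$ruleName" verbose
```

Because the rule is not bound to the public profile, it does not apply to traffic arriving on an adapter that Windows has classified as a public network.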

  Summary

The Windows 7 firewall is the product of a wide range of improvements to the Vista firewall and exposes advanced functionality that was previously hidden. Many users, including some IT professionals, may not have known that the Vista firewall can filter outbound traffic, monitor, and perform advanced configuration tasks, because none of these features are visible in the firewall program in Control Panel. In Windows 7, Microsoft has created a built-in firewall that is more sophisticated than Vista's and is a useful alternative to third-party managed firewalls.
