Windows Firewall with Advanced Security (WFAS) in Windows Server 2008 is a significant improvement over the firewalls in earlier versions of Windows. First, it offers two-way protection: it filters both inbound and outbound traffic.
Second, it integrates Windows Firewall and Internet Protocol security (IPsec) into a single console. Its advanced options let you configure key exchange, data protection (integrity and encryption) and authentication settings as your environment requires. WFAS also supports much more detailed rules: you can create firewall rules for many kinds of objects on Windows Server and configure each rule to determine whether the traffic it matches is blocked or allowed.
When a packet arrives at the computer, Windows Firewall with Advanced Security compares it against the criteria specified in the firewall rules. If the packet matches a rule, WFAS takes the action that rule specifies, blocking the connection or allowing it; when both a block rule and an allow rule match, the block rule wins. If the packet matches no rule at all, the default action of the active profile applies: by default, unsolicited inbound connections are blocked and outbound connections are allowed. A dropped packet is written to the firewall log file only if logging of dropped packets has been enabled for that profile.
When you configure a rule, you can choose from a variety of criteria: application name, system service name, TCP port, UDP port, local IP address, remote IP address, profile (Domain, Private or Public), interface type (such as a particular network adapter), user, user group, computer, computer group, protocol, ICMP type, and so on. The criteria within one rule are combined, so a packet must satisfy all of them; the more criteria you add, the more narrowly the rule matches. A rule scoped to a program, a port and a remote address range admits far less traffic than one scoped to the port alone.
Let's take a look at how to configure the Windows Server 2008 firewall.
Using the MMC snap-in for management
This approach lets you configure both firewall settings and IPsec settings in one interface, and view the currently applied policies, rules, active security associations and other information under the Monitoring node.
To open the snap-in, choose Windows Firewall with Advanced Security from Administrative Tools on the Start menu (or run wf.msc). The console is organized into Inbound Rules and Outbound Rules, which control how the firewall responds to incoming and outgoing traffic, Connection Security Rules, which determine how traffic between this computer and other computers is authenticated and protected, and the Monitoring node, which shows firewall activity and the rules currently in effect.
Let's take a real example to see how to configure these rules.
Start with an inbound rule. Suppose an Apache web server is installed on Windows Server 2008 and listening on TCP port 80. By default the site is unreachable from remote hosts: no inbound rule allows that traffic, so the inbound default action (block) drops the packets before they reach Apache's listening socket. We add a rule for it below.
With Windows Firewall with Advanced Security open, select Inbound Rules; the list on the right shows the rules that ship with Windows Server 2008. Choosing New Rule starts a wizard that can create an inbound rule based on a program, a port, a predefined group, or a custom set of criteria; the steps differ slightly for each type. For the Apache server a Port rule for TCP 80 is the minimum, but a Custom rule lets you restrict it further, for example to httpd.exe and to specific remote addresses. The third step specifies what to do with traffic that matches the criteria (Allow the connection, Allow the connection if it is secure, or Block the connection). Finally you select the profiles (Domain, Private, Public) the rule applies to and give the rule a name. Keep the profile selection as narrow as the server's network placement allows; a rule bound to all three profiles opens the port on every network the server is ever connected to.
Connection security involves authenticating the two computers before they begin communicating and protecting the information sent between them. Windows Firewall with Advanced Security includes IPsec, which provides connection security through key exchange, authentication, data integrity and, optionally, data encryption. A connection security rule does not by itself allow or block traffic; it only specifies how traffic between the two endpoints is authenticated and protected, and the firewall rules still decide what is allowed (the "Allow the connection if it is secure" action is how a firewall rule is tied to that protection).
For a single server, the Windows Firewall with Advanced Security snap-in and the method above are sufficient. If a large number of computers in your corporate network need the same settings, use the following, more efficient approach.
Using Group Policy for management
In a corporate network that uses Active Directory (AD), you can use Group Policy to deploy Windows Firewall with Advanced Security settings and so manage a large number of computers centrally. Group Policy exposes the full WFAS feature set, including profiles, firewall rules and connection security rules.
In fact, when you configure Windows Firewall with Advanced Security in the Group Policy Management Console, the same snap-in opens. Note that rules delivered by Group Policy cannot be modified by the local administrator; by default, locally created rules still apply alongside them, and the profile setting "Apply local firewall rules" can be set to No in the GPO so that only the domain policy counts. By creating a Group Policy object you can configure every computer in a domain (or in an organizational unit) to use the same firewall settings. This part of the configuration is more complex.
Using the netsh advfirewall command-line tool
Although the graphical interface is simple and intuitive, experienced administrators often prefer the command line: once mastered, it lets configuration tasks be carried out more flexibly, precisely and quickly, and, just as importantly, scripted so that the same settings can be reviewed and applied identically on many servers.
Netsh is a command-line tool for configuring network component settings. Windows Firewall with Advanced Security adds the netsh advfirewall context, which you use to configure WFAS settings. With netsh advfirewall you can write scripts that apply a set of WFAS settings for both IPv4 and IPv6 traffic, and you can display the current configuration and status of Windows Firewall with Advanced Security (for example, netsh advfirewall show allprofiles).
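The following script is an added example and not code from the original article. It expresses, with netsh advfirewall, the same configuration the article builds in the MMC wizard for the Apache server: the inbound allow rule, dropped-packet logging so that packets hitting the profile default action are visible, and a connection security (IPsec) rule for the same peers. Everything below the comment header is assumed for illustration: the Apache 2.2 install path, the rule names, and 10.0.0.0/24 as the only network that should reach the server.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell
# prompt on Windows Server 2008; netsh advfirewall is the supported scripting
# interface there. Assumed placeholders: $ApacheExe, $RuleName, $AllowedNets.
$ApacheExe   = 'C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe'
$RuleName    = 'Apache HTTP (TCP 80)'
$AllowedNets = '10.0.0.0/24'     # 'any' would expose the port to every remote address

function Invoke-Netsh {
    # Wrapper so every call fails loudly: netsh returns a non-zero exit code on error,
    # and a silently failed rule is worse than a script that stops.
    param([string[]]$NetshArgs)
    $out = & netsh.exe advfirewall @NetshArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh advfirewall $($NetshArgs -join ' ') failed:`n$out"
    }
    $out
}

function Add-ApacheInboundRule {
    # The wizard's plain Port rule would allow TCP 80 for any program from any address.
    # Combining port, program, remote address and profile in one rule narrows the
    # match; the criteria are ANDed, as described in the article.
    Invoke-Netsh @(
        'firewall', 'add', 'rule',
        "name=$RuleName", 'dir=in', 'action=allow', 'enable=yes',
        'protocol=TCP', 'localport=80',
        "program=$ApacheExe",
        "remoteip=$AllowedNets",
        'profile=domain,private'    # deliberately not Public
    )
}

function Remove-ApacheInboundRule {
    Invoke-Netsh @('firewall', 'delete', 'rule', "name=$RuleName")
}

function Enable-DroppedPacketLogging {
    # Packets matching no rule fall to the profile default action (inbound: block).
    # Those drops only reach pfirewall.log once logging of dropped packets is on.
    $log = "$env:SystemRoot\system32\LogFiles\Firewall\pfirewall.log"
    Invoke-Netsh @('set', 'allprofiles', 'logging', 'droppedconnections', 'enable')
    Invoke-Netsh @('set', 'allprofiles', 'logging', 'filename', $log)
    Invoke-Netsh @('set', 'allprofiles', 'logging', 'maxfilesize', '4096')   # KB
}

function Add-IPsecRequestRule {
    # Connection security rule for the same peers: ask them to authenticate with
    # their computer account (Kerberos) inbound and outbound, but do not yet require
    # it, so a mistake cannot cut the server off. Switch to requireinrequestout once
    # Monitoring > Security Associations shows the peers negotiating successfully.
    Invoke-Netsh @(
        'consec', 'add', 'rule',
        'name=Request IPsec from allowed networks',
        'endpoint1=any', "endpoint2=$AllowedNets",
        'action=requestinrequestout', 'auth1=computerkerb'
    )
}

function Show-FirewallState {
    # What to check after applying: per-profile state and default actions, then
    # the rule exactly as the firewall stored it (not as you think you typed it).
    Invoke-Netsh @('show', 'allprofiles')
    Invoke-Netsh @('firewall', 'show', 'rule', "name=$RuleName", 'verbose')
}

# Usage (elevated prompt):
Enable-DroppedPacketLogging
Add-ApacheInboundRule
Add-IPsecRequestRule
Show-FirewallState
```

Arguments are passed as an array rather than one long string so that values containing spaces (the rule name, the program path) reach netsh as single tokens. After running it, confirm from a host inside 10.0.0.0/24 that port 80 answers and from a host outside it that the connection is dropped and appears in pfirewall.log; if the site is still unreachable from the allowed network, check that httpd.exe really is the path in the rule, since a program-scoped rule for the wrong binary allows nothing.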