Specifically, UPnP (Universal Plug and play, Universal plug-and-match) automatic port mapping is suitable for intranet, but not limited to intranet. The intranet is characterized by the inability to open the listening port externally, thereby losing all externally initiated connections. such as ADSL router, Windows network sharing and so on. The common solution is to use NAT for port mapping to map ports on gateway/route to native, but the process is relatively complex and obscure. We cannot simply understand that UPnP equals automatic port mapping. UPnP contains 2 layers of meaning: For an intranet computer, UPnP function can make gateway or router NAT module do automatic port mapping, the listening port from the gateway or router map to the intranet computer. The network firewall module of a gateway or router begins opening this port to other computers on the Internet.
It is not necessary to use the "Automatic port mapping" feature of UPnP, but it is still necessary to use UPnP to support UPnP-enabled network firewall software (such as ICF, Norton Network Security SWAT 2003/2004) that automatically starts the opening port. Universal Plug and Play (UPnP) is an architecture for common Peer-to-peer network connections for PCs and smart devices (or instrumentation), especially in the home. UPnP is based on Internet standards and technologies such as TCP/IP, HTTP, and XML, enabling such devices to connect and work together automatically, making the network, especially the home network, possible for more people.
There is no device driver in the UPnP architecture, and the generic protocol is replaced. UPnP is an independent medium. UPnP devices can be used in any operating system using any programming language
Enable or disable the UPnP framework
Open Windows Firewall.
Click the Exceptions tab.
To enable the UPnP framework exception, in programs and services, select the UPnP framework check box, and then click OK.
To disable the UPnP framework exception, in programs and services, clear the UPnP framework check box, and then click OK.
Attention
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must be delegated the appropriate permissions. Members of the domain Admins group may perform this procedure if the computer is already joined to a domain.
To start Windows Firewall, click Start, point to Control Panel, and then click Windows Firewall.
You can also use the Netsh command in the firewall context to perform this procedure and configure additional Windows firewall settings.
You can also use Group Policy settings to perform this procedure and configure additional Windows firewall settings.
You can configure Windows firewall settings in a standard configuration file or in a domain configuration file. Use the domain profile when the computer is connected to the same network as its domain account. Use standard profiles when your computer is connected to a network (such as a public network or the Internet) that is not in its domain account. When you perform this procedure, make sure that Windows firewall uses the correct configuration file.
If a Windows firewall setting appears dimmed in the graphical user interface and the General tab displays "Some settings are controlled by Group Policy because of security considerations", this setting may be managed by Group Policy. If all Windows Firewall settings appear dimmed, and the "You must be a computer administrator to change these settings" On the General tab, you do not have administrative permissions to configure Windows Firewall.
On Windows Server 2003, Windows Firewall is turned off by default, and Windows Firewall/internet Connection Sharing service is disabled by default. If you try to perform this process and you never start Windows Firewall, you may need to start Windows Firewall/internet Connection Sharing service.
Windows Firewall is not included in the original release of the Windows Server 2003 operating system.
The UPnP framework exception allows unsolicited incoming traffic through TCP port 2869 and UDP Port 1900.
If your computer uses Internet Connection Sharing to provide access to the Internet for other computers, you may not want to disable or edit the UPnP framework exception. Editing or disabling the UPnP framework exception can prevent computers and devices from detecting and using shared Internet connections. Be sure to test the possible impact of these changes on the Internet Connection Sharing feature.
You should configure scope options for any exceptions that are enabled.
Installing and removing UPnP UI components
Note: You must be logged on to the computer as an administrator to install the optional UPnP UI components or to change the Windows firewall port status.