Windows Firewall with Advanced Security


Windows Firewall with Advanced Security (WFAS)

Compared with the firewall in earlier versions of Windows, Windows Server 2008 brings a major improvement in Windows Firewall with Advanced Security (WFAS). First, it offers bidirectional protection and can filter both inbound and outbound traffic. Second, it combines the Windows Firewall functions and Internet Protocol security (IPsec) in a single console.

In the Windows Server 2008 advanced firewall configuration, you control inbound and outbound traffic with rules that determine which traffic is allowed or blocked. When an inbound packet arrives at the computer, the firewall examines it and checks whether it meets the criteria specified in a firewall rule. If the packet matches a rule's criteria, the firewall carries out the action specified in that rule, that is, it blocks or allows the connection. If the packet matches no rule, the firewall discards it and, if logging is enabled, writes a corresponding entry to the firewall log. When you configure a rule you can choose from a variety of criteria, including application name, system service name, port, IP address, and so on. The following examples show how different kinds of rules are applied.

7.1 Inbound Rules

Inbound rules explicitly allow or block traffic that matches a rule condition. By default, inbound traffic is blocked, and an inbound rule must be created to allow traffic.

For example, after the FTP service has been installed and enabled on a server (192.168.1.25), the firewall adds an inbound rule that allows all inbound FTP connections. How do you configure firewall rules so that client 192.168.1.10 cannot connect to the server via FTP while other clients still can?

The following steps are described in detail.

(1) Open Server Manager from Administrative Tools. Expand Configuration → Windows Firewall with Advanced Security, right-click Inbound Rules, and select New Rule, as shown in Figure 7.1.

Figure 7.1 New inbound rule

(2) On the Rule Type page, select "Port" and click "Next", as shown in Figure 7.2.

Figure 7.2 Selecting a firewall rule type

(3) On the Protocol and Ports page, select "TCP" and "Specific local ports", enter "21", and click "Next", as shown in Figure 7.3.

Figure 7.3 Selecting protocols and ports

(4) On the Action page, select "Block the connection" and click "Next", as shown in Figure 7.4.

Figure 7.4 Blocking the connection

(5) On the Profile page, select Domain, Private, and Public, then click Next, as shown in Figure 7.5.

Figure 7.5 Selecting profiles

(6) On the Name page, enter a name and description and click the "Finish" button, as shown in Figure 7.6.

Figure 7.6 Specifying the inbound rule name

Note:

The firewall has three profiles, Domain, Private, and Public, for domain-joined, stand-alone, and public network environments. You can generally select all three check boxes so that the rule applies in every environment.

(7) Under Inbound Rules, right-click the FTP block rule you just created, select Properties, and on the Scope tab add the local IP address and the remote IP address that you want to block, as shown in Figure 7.7.

Figure 7.7 Configuring the inbound rule properties

On a computer with IP address 192.168.1.10, open ftp://192.168.1.25; then do the same from a computer with a different IP address. The result for the former is shown in Figure 7.8, while the latter can access the FTP server normally.

Figure 7.8 Error when accessing the FTP server
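The same block rule built from the command line, as an added example that is not part of the original article: netsh advfirewall ships with Windows Server 2008 and can be run from an elevated PowerShell or cmd prompt. The rule name is an assumption (the article does not show the name typed in step 6); the addresses are the tutorial's. One point the wizard hides is worth stating: in WFAS a block rule always takes precedence over an allow rule, so this rule wins over the FTP allow rule for 192.168.1.10 only, and every other client still matches the allow rule. That is also why the scope in step 7 matters: without localip/remoteip the block rule would apply to every client.

```powershell
# Added example (not from the original article). netsh advfirewall equivalent of
# wizard steps 1-7. Run from an elevated PowerShell (or cmd) prompt.
# Assumed values: the rule name is invented; the addresses come from the tutorial.

# Steps 2-7 in one command: inbound, TCP, local port 21, action block,
# all three profiles, scoped to the server address and the one client to block.
netsh advfirewall firewall add rule `
    name="Block FTP from 192.168.1.10" `
    description="Block FTP control connections (TCP 21) from 192.168.1.10 only" `
    dir=in action=block enable=yes `
    protocol=TCP localport=21 `
    localip=192.168.1.25 remoteip=192.168.1.10 `
    profile=domain,private,public

# Verify the rule and, in particular, its scope: a typo in remoteip would block
# every client, because a block rule always wins over an allow rule in WFAS.
netsh advfirewall firewall show rule name="Block FTP from 192.168.1.10" verbose

# Check which profile is active on this server; a rule only applies to the
# profiles it lists (all three above, so this is a sanity check).
netsh advfirewall show currentprofile

# Log dropped packets so the blocked client's attempts are recorded. The log file
# read below is the WFAS default location.
netsh advfirewall set allprofiles logging droppedconnections enable

# After 192.168.1.10 tries ftp://192.168.1.25, the matching entries look like
# (constructed sample line, W3C format: date time action protocol src dst sport dport ...):
# 2016-01-01 10:00:00 DROP TCP 192.168.1.10 192.168.1.25 49152 21 52 S 0 0 0 - - - RECEIVE
$log = Join-Path $env:SystemRoot 'System32\LogFiles\Firewall\pfirewall.log'
Get-Content $log |
    Where-Object { $_ -match '^\S+ \S+ DROP TCP 192\.168\.1\.10 192\.168\.1\.25 \d+ 21 ' }
```

The rule covers only the FTP control connection on TCP 21; that is enough to stop the client from logging in, since no data connection is opened before a successful login. To undo the example, run `netsh advfirewall firewall delete rule name="Block FTP from 192.168.1.10"`.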

7.2 Outbound Rules

Outbound rules explicitly allow or deny traffic leaving the computer that matches a rule condition. For example, you can configure a rule that prevents outbound traffic through the firewall from reaching one computer while still allowing the same traffic to reach other computers. Outbound traffic is allowed by default, so you must create an outbound rule to block it.

Case: A Web server has IP address 192.168.1.10, and the default outbound action on the local computer is Allow. How do you use an outbound rule to prevent the local computer from accessing the Web server with IE?

The following steps are described in detail.

(1) Open Server Manager from Administrative Tools. Expand Configuration → Windows Firewall with Advanced Security, right-click Outbound Rules, and select New Rule, as shown in Figure 7.9.

Figure 7.9 Creating a new outbound rule

(2) On the Rule Type page, select "Program" as the type of rule to create and click "Next", as shown in Figure 7.10.

Figure 7.10 Specifying the rule type

(3) On the Program page, select "This program path", enter "%ProgramFiles%\Internet Explorer\iexplore.exe", and click the "Next" button, as shown in Figure 7.11.

Figure 7.11 Specifying the program path

(4) On the Action page, select "Block the connection" and click "Next", as shown in Figure 7.12.

Figure 7.12 Blocking the connection

(5) On the Profile page, select Domain, Private, and Public, then click Next, as shown in Figure 7.13.

Figure 7.13 Selecting profiles

(6) On the Name page, enter a name and description and click the "Finish" button, as shown in Figure 7.14.

Figure 7.14 Specifying the outbound rule name

(7) Click Outbound Rules to view the "IE outbound" rule just created, as shown in Figure 7.15.

Figure 7.15 Viewing outbound rules

Access the Web server with IE on the local computer; the result is shown in Figure 7.16. Click "Diagnose Connection Problems" to view the Windows Network Diagnostics result, as shown in Figure 7.17.

Figure 7.16 Error when accessing the Web server

Figure 7.17 Diagnosing connection problems
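The outbound program rule from the command line, as an added example that is not part of the original article, with two checks a practitioner would want. The rule name "IE outbound" is the one the article shows in Figure 7.15 and the Web server address is the tutorial's; the remoteip scope is an addition that goes beyond the wizard steps, which block every connection iexplore.exe makes. The second check shows the limitation of a program rule: it is bound to one executable, not to the destination, so another program on the same machine still reaches the Web server.

```powershell
# Added example (not from the original article). The outbound program rule from
# steps 1-7 via netsh advfirewall, plus two checks. Run from an elevated prompt.
# Assumed: rule name taken from Figure 7.15, server address from the tutorial;
# the remoteip scope is an addition to the article's steps.

# Confirm the default outbound action: "AllowOutbound" means nothing is blocked
# on the way out unless an outbound block rule matches, which is why the rule
# is needed at all.
netsh advfirewall show allprofiles | Select-String 'Firewall Policy'

# The wizard steps block every outbound connection iexplore.exe makes. remoteip=
# narrows the rule so IE only loses the Web server at 192.168.1.10 and keeps
# working for other destinations.
netsh advfirewall firewall add rule `
    name="IE outbound" `
    description="Block Internet Explorer from reaching the Web server at 192.168.1.10" `
    dir=out action=block enable=yes `
    program="%ProgramFiles%\Internet Explorer\iexplore.exe" `
    remoteip=192.168.1.10 `
    profile=domain,private,public

# Verify the rule as stored, including the expanded program path and the scope.
netsh advfirewall firewall show rule name="IE outbound" verbose

# A program rule is tied to one executable, not to the destination: this request
# from a different client (the .NET WebClient) still reaches the server even
# though IE is blocked. That is the limitation to keep in mind when a program
# rule is used as an access control; a port or address rule blocks regardless
# of which program sends the traffic.
try {
    $body = (New-Object System.Net.WebClient).DownloadString('http://192.168.1.10/')
    "Reached the Web server with WebClient; $($body.Length) bytes returned"
} catch {
    "WebClient request failed: $($_.Exception.Message)"
}
```

On 64-bit Windows there is a second browser binary under %ProgramFiles(x86)%\Internet Explorer\iexplore.exe, so a rule that should cover both editions of IE needs a second rule with that path. To undo the example, run `netsh advfirewall firewall delete rule name="IE outbound"`.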

Configuring inbound and outbound rules sensibly greatly strengthens the security of the system and protects the computer more effectively.
