Creating Rules that Allow Required Inbound Network Traffic
Updated: December 7, 2009
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
By default, Windows Firewall with Advanced Security blocks all unsolicited inbound network traffic. Programs that depend on such traffic, such as network services, cannot run correctly unless you create inbound rules that allow it, using criteria that you specify (for example, the program, the port, or the source of the traffic).
Note
One of the most important improvements in Windows Vista and Windows 7, enabled by the integration of IPsec and the Windows Firewall, is the ability to create inbound firewall rules that allow only traffic that is authenticated, optionally encrypted, or authorized because the requesting user or computer is a member of an allowed group. These advanced inbound rule types are discussed as part of the server isolation scenario found later in this guide. Also, when network traffic is protected by IPsec and meets your criteria, you can configure an inbound rule to override a block rule that would otherwise have blocked the network traffic. This scenario is discussed in the authenticated bypass scenario found later in this guide.
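The following script is an added example, not part of this guide and not Microsoft's own sample, showing the kinds of inbound allow rules described above created with the netsh advfirewall command-line interface available on Windows Vista, Windows 7 and Windows Server 2008. The service path, rule names, port number, management subnet and the SDDL string naming the allowed computer group are placeholders chosen for illustration; replace them with values from your own environment. Run it from an elevated command prompt.

```batch
@echo off
rem Added example (not from the original guide). Paths, names, ports, subnets
rem and SIDs below are placeholders, not values from any real deployment.

rem --- Program rule: allow unsolicited inbound traffic only to one service
rem     executable, and only while the Domain profile is active.
netsh advfirewall firewall add rule name="Allow ExampleSvc (program)" dir=in action=allow program="C:\Program Files\ExampleSvc\svc.exe" enable=yes profile=domain

rem --- Port rule: allow inbound TCP 8443, but only from the management subnet.
rem     Scoping remoteip keeps the rule far narrower than the default "any".
netsh advfirewall firewall add rule name="Allow TCP 8443 (mgmt subnet)" dir=in action=allow protocol=TCP localport=8443 remoteip=10.0.5.0/24 enable=yes profile=domain

rem --- Dynamic RPC: one rule for the endpoint mapper (port 135, hosted by
rem     svchost.exe for the RpcSs service) and one for the dynamic port that
rem     the RPC server program is assigned at run time.
netsh advfirewall firewall add rule name="Allow RPC endpoint mapper" dir=in action=allow protocol=TCP localport=RPC-EPMap program="%SystemRoot%\system32\svchost.exe" service=rpcss profile=domain
netsh advfirewall firewall add rule name="Allow ExampleSvc dynamic RPC" dir=in action=allow protocol=TCP localport=RPC program="C:\Program Files\ExampleSvc\svc.exe" profile=domain

rem --- Authenticated bypass: traffic that is IPsec-authenticated AND comes from a
rem     computer in the allowed group (SDDL below is a placeholder SID) is let
rem     through even where a block rule would otherwise apply.
netsh advfirewall firewall add rule name="Authenticated bypass (allowed computers)" dir=in action=bypass security=authenticate protocol=any rmtcomputergrp="D:(A;;CC;;;S-1-5-21-0-0-0-1234)" profile=domain

rem --- Turn on logging of dropped connections so that a rule which is too
rem     narrow shows up as drops in pfirewall.log rather than as silent failures.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%SystemRoot%\system32\LogFiles\Firewall\pfirewall.log"

rem --- Verify: show the rules just created, with all fields.
netsh advfirewall firewall show rule name="Allow TCP 8443 (mgmt subnet)" verbose
netsh advfirewall firewall show rule name="Authenticated bypass (allowed computers)" verbose
```

Each rule is restricted to the Domain profile and, where possible, to a program, a port and a source subnet, so that the exception opened in the firewall is no wider than the service actually needs. The bypass rule only takes effect for connections that IPsec has already authenticated, which is what makes it safe to let it override block rules.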
Steps for creating rules that allow required inbound network traffic
In this section of the guide, you create firewall rules that allow specific types of unsolicited inbound network traffic through the firewall.
Step 1: Configuring Predefined Rules by Using Group Policy
Step 2: Allowing Unsolicited Inbound Network Traffic for a Specific Program
Step 3: Allowing Inbound Traffic to a Specified TCP or UDP Port
Step 4: Allowing Inbound Network Traffic that Uses Dynamic RPC
Step 5: Viewing the Firewall Log