Windows Firewall with Advanced Security Getting Started Guide

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Windows Firewall with Advanced Security in Windows® 7, Windows Vista®, Windows Server® 2008 R2, and Windows Server® 2008 is a stateful, host-based firewall that filters incoming and outgoing connections based on its configuration. While typical end-user configuration of Windows Firewall still takes place through the Windows Firewall Control Panel, advanced configuration now takes place in a Microsoft Management Console (MMC) snap-in named Windows Firewall with Advanced Security. This snap-in provides an interface not only for configuring Windows Firewall locally, but also for configuring Windows Firewall on remote computers and by using Group Policy. Firewall settings are now integrated with Internet Protocol security (IPsec) settings, so Windows Firewall can allow or block traffic based on some IPsec negotiation outcomes.

Windows Firewall with Advanced Security supports separate profiles (sets of firewall and connection security rules) for when computers are members of a domain, or connected to a private or public network. It also supports the creation of rules for enforcing server and domain isolation policies. Windows Firewall with Advanced Security supports more detailed rules than previous versions of Windows Firewall, including filtering based on users and groups in Active Directory, source and destination Internet Protocol (IP) addresses, IP port number, ICMP settings, IPsec settings, specific types of interfaces, services, and more.
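The following `netsh advfirewall` commands are an added example, not part of the original guide, showing per-profile rules that filter on remote address and port and that depend on IPsec authentication. The rule names, port 3389 and the 10.10.0.0/24 subnet are constructed sample values.

```bat
@echo off
rem Added example. Run from an elevated command prompt.
rem Rule names, the port and the subnet below are constructed sample values.

rem Show the state and default inbound/outbound actions of the
rem domain, private and public profiles.
netsh advfirewall show allprofiles

rem Domain profile: allow inbound TCP 3389 only from the sample management
rem subnet, and only when the connection has been authenticated by IPsec.
rem A matching connection security rule must already exist; without one the
rem traffic is never authenticated and this rule does not allow it.
netsh advfirewall firewall add rule ^
    name="Example - RDP from mgmt subnet (authenticated)" ^
    dir=in action=allow protocol=TCP localport=3389 ^
    remoteip=10.10.0.0/24 profile=domain security=authenticate

rem Private and public profiles: block the same port explicitly, so the
rem service is not reachable when the computer is off the domain network.
netsh advfirewall firewall add rule ^
    name="Example - Block RDP off-domain" ^
    dir=in action=block protocol=TCP localport=3389 profile=private,public

rem Review the resulting rules, including profile and security settings.
netsh advfirewall firewall show rule ^
    name="Example - RDP from mgmt subnet (authenticated)" verbose
netsh advfirewall firewall show rule ^
    name="Example - Block RDP off-domain" verbose
```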

Windows Firewall with Advanced Security can be part of your defense-in-depth security policy. Defense in depth is the implementation of a security policy that uses multiple methods to protect computers and all components of the network from malicious attacks.

Protection must extend from the network perimeter to:

  • Internal networks

  • Computers in the internal network

  • Applications running on both servers and clients

  • Data stored on both servers and clients

Your feedback is valuable and welcome! Please send your comments and suggestions to Windows Firewall with Advanced Security Documentation Feedback (wfasdoc@microsoft.com). The author of this guide will review your comments and use them to improve this documentation. Your e-mail address will not be saved or used for any other purposes.