Best Practices for Monitoring Windows Firewall

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Use the following best practices when you monitor Windows Firewall.

Enable the Windows Firewall log file only when you need to.

Enable auditing of Windows Firewall events when you first turn on Windows Firewall.

Enable the Windows Firewall log file only when you need to.

You should enable the Windows Firewall log file only when you need to troubleshoot Windows Firewall problems or monitor Windows Firewall behavior over short periods of time. Permanently enabling the Windows Firewall log file makes your log files difficult to manage and uses disk space.

Enable auditing of Windows Firewall events when you first turn on Windows Firewall.

You should audit Windows Firewall events when you first turn on Windows Firewall. This will help you identify programs and services that are acting as servers, peers, or listeners. When you have identified servers, peers, or listeners and configured Windows Firewall exceptions, you should disable auditing of Windows Firewall events because auditing can impact the performance of servers that handle a large amount of network traffic.
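
The following is an added example, not part of the original page: after a short logging window has been captured, it summarizes dropped packets by protocol and destination port so that traffic needing a Windows Firewall exception stands out. The log text, addresses, and function names are constructed for illustration; the parser takes its column names from the log's own #Fields header line.

```python
"""Summarize a short Windows Firewall log capture (added example)."""
from collections import Counter

# Constructed sample in the W3C extended layout of the Windows Firewall log
# (pfirewall.log). Addresses, ports and times are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2007-03-01 09:15:02 DROP TCP 192.0.2.10 192.0.2.50 3312 1433 48 S 1844674 0 65535 - - -
2007-03-01 09:15:05 DROP TCP 192.0.2.10 192.0.2.50 3312 1433 48 S 1844674 0 65535 - - -
2007-03-01 09:16:40 DROP UDP 192.0.2.11 192.0.2.50 137 137 78 - - - - - - -
2007-03-01 09:17:12 OPEN TCP 192.0.2.50 192.0.2.20 1045 80 - - - - - - - -
2007-03-01 09:20:31 DROP TCP 192.0.2.12 192.0.2.50 4021 1433 48 S 9931 0 65535 - - -
"""


def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields line."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) < len(fields):
                continue  # truncated entry, e.g. the log was cut mid-write
            yield dict(zip(fields, values))


def summarize_drops(text):
    """Count dropped packets per (protocol, destination port)."""
    drops = Counter()
    for entry in parse_firewall_log(text):
        if entry["action"] == "DROP":
            drops[(entry["protocol"], entry["dst-port"])] += 1
    return drops


def capture_window(text):
    """Return (first, last) timestamps so the capture length can be checked."""
    stamps = [e["date"] + " " + e["time"] for e in parse_firewall_log(text)]
    return (stamps[0], stamps[-1]) if stamps else None


if __name__ == "__main__":
    print("Capture window:", capture_window(SAMPLE_LOG))
    for (proto, port), count in summarize_drops(SAMPLE_LOG).most_common():
        print(f"{count:4d} dropped  {proto} -> port {port}")
```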

See Also

Concepts

Best Practices for Managing Windows Firewall
Best Practices for Optimizing Windows Firewall
Best Practices for Securing Windows Firewall