Configuring a Computer for Windows Firewall Troubleshooting

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Before you can use advanced troubleshooting techniques to identify and fix Windows Firewall problems, you need to configure your computer for troubleshooting. In addition, you need a basic understanding of troubleshooting concepts, procedures, and tools.

Configuration Tasks for Troubleshooting

To configure your computer for troubleshooting, perform the following tasks:

Enable Windows Firewall logging

Enable Windows Firewall auditing

Enable network tracing

Enable Windows Firewall logging

The Windows Firewall log file contains information about the network traffic processed by Windows Firewall. To effectively troubleshoot problems with Windows Firewall, you must enable logging for both dropped packets and successful connections.

To enable Windows Firewall logging

  1. Open Windows Firewall in Control Panel.

  2. Click the Advanced tab.

  3. Under Security Logging, click Settings.

  4. In the Log Settings dialog box, select the Log dropped packets and Log successful connections check boxes.

Enable Windows Firewall auditing

You can configure the Windows ServerĀ 2003 audit log so it records information about Windows Firewall. Specifically, the audit log can track changes that are made to Windows Firewall settings and it can track information about which programs and system services attempt to listen on a port. To record Windows Firewall information in the audit log, you must enable both the Audit policy change and Audit process tracking policies.

To enable Windows Firewall auditing

  1. Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.

  2. In the console tree, open Windows Settings, open Local Policies, and then click Audit Policy.

  3. In the details pane, double-click Audit policy change, select the Success and Failure check boxes, and then click OK.

  4. In the details pane, double-click Audit process tracking, select the Success and Failure check boxes, and then click OK.

Enable network tracing

The IPNathlp trace log stored in the systemroot\tracing folder provides useful information about the network traffic passing to and from Windows Firewall. Network tracing is most commonly used to solve difficult-to-diagnose network access problems and problems with programs.

To enable network tracing for Windows Firewall

  • At the command line, type netsh ras set tracing ipnathlp enable, and press ENTER.

Important

Changing log file settings for Windows Firewall logging, auditing, and network tracing can substantially increase the size of your log files and use up disk space. After you are finished troubleshooting Windows Firewall issues, it is recommended that you configure log file settings, auditing settings, and network tracing settings as they were before you performed your troubleshooting tasks.