Event ID 5047 — Firewall Rule Processing

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

green

Windows Firewall with Advanced Security receives its rules from local security policy stored in the system registry, and from Group Policy delivered by Active Directory. After receiving a new or modified policy, Windows Firewall must process each rule in the applied policies to interpret what network traffic is to be blocked, allowed, or protected by using Internet Protocol security (IPsec).

When appropriate auditing events are enabled (http://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures, both in retrieving policy and in processing the rules defined in the policy.

Event Details

Product: Windows Operating System
ID: 5047
Source: Microsoft-Windows-Security-Auditing
Version: 6.1
Symbolic Name: SE_AUDITID_ETW_IPSEC_CRYPTO_SET_CHANGE
Message: A change has been made to IPsec settings. A Crypto Set was modified.
%t
Profile Changed:%t%1

Modified Crypto Set:
%tID:%t%t%t%2
%tName:%t%t%t%3

Resolve

This is a normal condition. No further action is required.

Related Management Information

Firewall Rule Processing

Windows Firewall with Advanced Security

Community Additions

ADD
Show: