Firewall Rule Properties Page: Advanced Tab

Updated: January 20, 2009

Applies To: Windows 7, Windows Server 2008 R2

Use this tab to configure the profiles and interface types to which this firewall rule will be applied.

To get to this tab

  • In the Windows Firewall with Advanced Security MMC snap-in, in either Inbound Rules or Outbound Rules, double-click the firewall rule you want to modify, and then click the Advanced tab.

Profiles

A profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to the computer depending on where the computer is connected. Windows determines a network location type for each network adapter, and then applies the corresponding profile to that network adapter. On computers running this version of Windows, there are three profiles recognized by Windows Firewall with Advanced Security.

Profile Description

Domain

Applies when a computer is connected to a network that contains an Active Directory domain controller in which the computer's domain account resides.

Private

Applies when a computer is connected to a network in which the computer's domain account does not reside, such as a home network. The private profile settings should be more restrictive than the domain profile settings. A network is assigned the private type by a local administrator.

Public

Applies when a computer is connected to a domain through a public network, such as one available in airports and coffee shops. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be as tightly controlled as it is in an IT environment. By default, newly discovered networks are assigned the public type.

Note

Computers running Windows Server 2008 and Windows Vista support only a single profile at a time. If the computer is connected to more than one network, the most restrictive profile is applied to all network adapters.
Computers running Windows XP and Windows Server 2003 support only two profiles: standard, which maps to both public and private, and domain. If the computer is connected to more than one network, the profile that is most restrictive is applied to all network adapters. For this purpose, the public profile is considered the most restrictive, followed by the private profile, and then the domain profile.

Interface types

Click Customize to specify the interface types to which the connection security rule applies. The Customize Interface Types dialog box allows you to select All interface types or any combination of Local area network, Remote access, or Wireless types.

Edge traversal

Edge traversal allows the computer to accept unsolicited inbound packets that have passed through an edge device, such as a network address translation (NAT) router or firewall.

Note

This option cannot be configured by using the New Inbound Firewall Rule wizard. To configure this setting, you must create the rule by using the wizard and then change it by using this tab.
This option applies to inbound rules only; it does not appear on the Advanced tab for an outbound rule.

Select one of the following options from the list:

Block edge traversal (default)

Prevent applications from receiving unsolicited traffic from the Internet through a NAT edge device.

Allow edge traversal

Allow applications to receive unsolicited traffic directly from the Internet through a NAT edge device.

Defer to user

Let the user decide whether to allow unsolicited traffic from the Internet through a NAT edge device when an application requests it.

Defer to application

Let each application determine whether to allow unsolicited traffic from the Internet through a NAT edge device.