Firewall Rule Wizard: Action Page

  • Article

Updated: January 20, 2009

Applies To: Windows 7, Windows Server 2008 R2

Use this wizard page when creating a firewall rule to specify the action Windows Firewall with Advanced Security will take for incoming or outgoing packets that match the rule criteria.

To get to this wizard page

  1. In the Windows Firewall with Advanced Security MMC snap-in, right-click either Inbound Rules or Outbound Rules, and then click New Rule.

  2. This page is available on all rule types. Click Next through the wizard until you reach the Action page.

Allow the connection

Use this option to allow network packets that match all criteria in the firewall rule.

Allow the connection if it is secure

Use this option to specify that only connections that are protected by Internet Protocol security (IPsec) are allowed. IPsec settings are defined in separate connection security rules. By default, this setting requires both authentication and integrity protection. To configure the requirements, click Customize.

When you choose this option, the Users and Computers pages are automatically added to the wizard. You can use these pages to specify the users or computers to whom you want to grant or deny access, or leave the page blank to allow access to all users and computers. If you choose to specify users or computers, you must use an authentication method that includes user or computer information, as appropriate, because Windows Firewall with Advanced Security will use the authentication method from the connection security rule to match the users and computers you specify. For example, for computers, you can use Computer (Kerberos V5) or Computer Certificate with certificate-to-account mapping enabled. If you do not specify users or computers, you can use any authentication method.

For more information about how to customize the IPsec requirements for this option, see the Customize Allow If Secure Settings dialog box. For more information about restricting access to user or computers, see the Users and Computers pages in the wizard.

Block the connection

Use this option to explicitly block any network packet that matches the firewall rule criteria. The block action takes precedence over the allow action, unless the Override block rules option is selected when the firewall rule is created.

How to change these settings

After you create the firewall rule, you can adjust these settings in the Firewall Rule Properties dialog box. This dialog box appears when you double-click a rule in Inbound Rules and Outbound Rules. To change these settings, select Action on the General tab.