Creating Rules that Allow Required Inbound Network Traffic

Published: November 2, 2007

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

By default, Windows Firewall with Advanced Security blocks all unsolicited inbound network traffic. For programs that depend on such traffic, such as network services, to run correctly, you must create rules that allow the traffic based on criteria you specify.

One of the most important improvements in Windows Vista and Windows 7, enabled by the integration of IPsec and the Windows Firewall, is the ability to create inbound firewall rules that allow only traffic that is authenticated, optionally encrypted, or authorized because the requesting user or computer is a member of an allowed group. These advanced inbound rule types are discussed as part of the server isolation scenario found later in this guide. Also, when network traffic is protected by IPsec and meets your criteria, you can configure an inbound rule to override a block rule that would otherwise have blocked that traffic. This is discussed in the authenticated bypass scenario found later in this guide.
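The two kinds of inbound rule described above, shown with `netsh advfirewall` as an added example that is not part of the original guide. The rule name, program path, port 8443 and subnet 192.0.2.0/24 are constructed placeholders, and the IPsec variant assumes a connection security rule already exists to negotiate IPsec with the clients.

```bat
@echo off
rem Added example, not from the original guide. Run from an elevated command prompt.
rem Constructed values: rule name, program path, port 8443, subnet 192.0.2.0/24.
rem Usage: add-inbound-rule.cmd          creates a plain allow rule
rem        add-inbound-rule.cmd ipsec    creates the IPsec-protected variant instead
setlocal
set "APP=C:\Program Files\ExampleService\svc.exe"
set "RULE=ExampleService TCP 8443 (in)"

if /i "%~1"=="ipsec" goto ipsec

rem Plain allow rule. Each criterion (program, protocol, port, remote
rem addresses, profile) narrows what the exception admits.
netsh advfirewall firewall add rule name="%RULE%" ^
    dir=in action=allow program="%APP%" protocol=TCP localport=8443 ^
    remoteip=192.0.2.0/24 profile=domain
goto show

:ipsec
rem Same criteria, but the rule matches only traffic that IPsec has
rem authenticated and encrypted (security=authenc). Create this instead of
rem the plain rule: allow rules are additive, so a plain rule for the same
rem traffic would still admit unauthenticated connections.
netsh advfirewall firewall add rule name="%RULE%" ^
    dir=in action=allow program="%APP%" protocol=TCP localport=8443 ^
    remoteip=192.0.2.0/24 profile=domain security=authenc

:show
rem Review the rule as stored, including its security setting.
netsh advfirewall firewall show rule name="%RULE%" verbose
endlocal
```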
