Connection Security Properties - Advanced

Applies To: Windows Server 2008

Profile

Select the profile to which the connection security rule applies. You can apply the rule to the domain profile, public profile, or private profile.

Profile and description:

Domain: Applied when a computer is connected to a network in which the computer's domain account resides.

Private: Applied when a computer is connected to a network in which the computer's domain account does not reside, such as a home network. The private profile settings should be more restrictive than the domain profile.

Public: Applied when a computer is connected to a domain through a public network, such as those available in airports and coffee shops. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be as tightly controlled as within an IT environment.

Interface types

Use this setting to specify the interface type to which this rule applies. You can have different rules that regulate traffic for different interface types. For example, if you specify only the wireless interface type for this rule, then Windows Firewall with Advanced Security takes the action specified by the rule only for wireless traffic. The default setting is All interface types.

Click the Settings button to select either all interface types or specific interface types.

IPsec tunneling

Configure this setting if you are creating firewall rules for traffic that passes between computers or through gateways that do not support L2TP/IPsec or PPTP VPN connections.

Windows Firewall with Advanced Security can use Internet Protocol security (IPsec) to perform Layer 3 tunneling for scenarios in which Layer Two Tunneling Protocol (L2TP) cannot be used. If you are using L2TP for remote communications, no tunnel configuration is required because the client and server VPN components of this version of Windows create the rules to secure L2TP traffic automatically.

You can specify either an IPv4 address or an IPv6 address. You must specify an endpoint for each side of the tunnel. The address protocol version must be the same for both sides. That is, if you specify an IPv6 address for the local side of the tunnel, then you must also use an IPv6 address for the remote side of the tunnel. If you do not specify tunnel endpoints, the connection security rule specifies an IPsec transport connection.
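The endpoint rules above can be checked before a rule is created. The following PowerShell is an added example, not part of the original page: the function name Get-ConSecRuleCommand, its parameters, and the sample addresses are hypothetical, and action=requireinrequireout is this example's choice. It only builds the netsh advfirewall consec command line for review and does not run it.

```powershell
# Added example: validates tunnel endpoints, then returns (does not run) a netsh command line.
function Get-ConSecRuleCommand {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [string]$Endpoint1 = 'any',
        [string]$Endpoint2 = 'any',
        [ValidateSet('domain', 'private', 'public', 'any')][string]$RuleProfile = 'any',
        [ValidateSet('wireless', 'lan', 'ras', 'any')][string]$InterfaceType = 'any',
        [string]$LocalTunnelEndpoint,
        [string]$RemoteTunnelEndpoint
    )

    $mode = 'transport'     # no tunnel endpoints: the rule is an IPsec transport connection
    $tunnelArgs = ''

    if ($LocalTunnelEndpoint -or $RemoteTunnelEndpoint) {
        # An endpoint is required for each side of the tunnel.
        if (-not ($LocalTunnelEndpoint -and $RemoteTunnelEndpoint)) {
            throw 'Specify a tunnel endpoint for both the local and the remote side.'
        }
        # Parse() throws if the string is not an IP address (a host name, for example).
        $localIp  = [System.Net.IPAddress]::Parse($LocalTunnelEndpoint)
        $remoteIp = [System.Net.IPAddress]::Parse($RemoteTunnelEndpoint)
        # Both sides must use the same address protocol version (IPv4 or IPv6).
        if ($localIp.AddressFamily -ne $remoteIp.AddressFamily) {
            throw "Address version mismatch: local is $($localIp.AddressFamily), remote is $($remoteIp.AddressFamily)."
        }
        $mode = 'tunnel'
        $tunnelArgs = " localtunnelendpoint=$localIp remotetunnelendpoint=$remoteIp"
    }

    # action=requireinrequireout is this example's choice, not a value from the page.
    $command = "netsh advfirewall consec add rule name=`"$Name`" endpoint1=$Endpoint1 endpoint2=$Endpoint2"
    $command += " action=requireinrequireout mode=$mode profile=$RuleProfile interfacetype=$InterfaceType$tunnelArgs"
    return $command
}

# Constructed sample values (documentation address ranges).
Get-ConSecRuleCommand -Name 'Branch tunnel' -Endpoint1 '192.0.2.0/24' -Endpoint2 '198.51.100.0/24' `
    -RuleProfile domain -InterfaceType lan -LocalTunnelEndpoint '203.0.113.10' -RemoteTunnelEndpoint '203.0.113.20'

# Mixed IPv4/IPv6 endpoints are rejected before any rule is built.
try {
    Get-ConSecRuleCommand -Name 'Bad tunnel' -LocalTunnelEndpoint '203.0.113.10' -RemoteTunnelEndpoint '2001:db8::20'
} catch {
    Write-Warning $_.Exception.Message
}
```

Calling the function without either tunnel endpoint returns a command with mode=transport, matching the behavior described above.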
