Microsoft KB Archive/317530

= HOW TO: Turn On the Internet Connection Firewall Feature in Windows Server 2003 =

PSS ID Number: 317530

Article Last Modified on 11/19/2003


The information in this article applies to:


 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, 64-Bit Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition




This article was previously published under Q317530



IN THIS TASK

 * SUMMARY
 * Turn On Internet Connection Firewall
 * REFERENCES



SUMMARY
Microsoft Windows Server 2003 provides Internet security in the form of a firewall, known as the Internet Connection Firewall (ICF). This feature is designed for home and small business use and provides protection for computers directly connected to the Internet. This feature is available for local area network (LAN) or dial-up connections. It also prevents scanning of ports and resources (file and printer shares) from external sources. This article discusses how to turn on (enable) the ICF feature to provide Internet security for your computer.


Turn On Internet Connection Firewall
The Internet Connection Firewall is useful if you want to protect a dial-up connection when you dial directly into an Internet service provider (ISP), or to protect a LAN connection that is connected to an asymmetric digital subscriber line (ADSL) or cable modem.

To turn on the ICF feature, follow these steps:

 1. Click Start, point to Settings, click Control Panel, and then double-click Network Connections.
 2. Right-click the connection that you want, and then click Properties on the shortcut menu that appears.
 3. Click the Advanced tab, and then click to select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.
 4. Click Settings.
 5. In the Services list, click to select the check boxes of services on the computer to which you want to permit external access (if that is what you want).

    NOTE: By default, no services are selected. This is known as a default deny stance. You must explicitly permit external access to the computer.

    If you want to open a port that is not displayed in the Services list, follow these steps:

     a. Click Add.
     b. Type a descriptive name for the service in the Description of service box.
     c. Type the host name or IP address of the computer to which you want to forward these packets in the Name or IP address (for example 192.168.0.12) of the computer hosting this service on your network box.
     d. In the External Port number for this service box, type the port number that the external host (the host computer that tries to access your computer from the Internet) will use to access the service.
     e. In the Internal Port number for this service box, type the same port number if you want to forward the packets to the same port on the destination computer, or type a different port number if you want to redirect the port to a different port.
     f. If the connection does not use Transmission Control Protocol (TCP), click UDP.
     g. Click OK.
 6. Click the Security Logging tab.
 7. Under Logging Options, click to select the Log dropped packets check box if you want to log unsuccessful attempts to access the computer.
 8. Click to select the Log successful connections check box if you want to create a log file of successful access to your computer through the firewall.
 9. Click the ICMP tab.
 10. Click to select the check boxes of the Internet Control Message Protocol (ICMP) echo request and response packets that you want to permit. When you select an item in the list, a description of that item is displayed at the bottom of the Advanced Settings dialog box under Description.

     NOTE: For the most secure environment, do not select any of the check boxes.
 11. Click OK two times.
 12. Close the Network Connections window.
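Once Log dropped packets is selected, the log can be reviewed for sources that were refused on many different ports. The following is an added example, not part of the original article: it assumes the firewall log is a W3C extended text file whose `#Fields:` header names the space-separated columns, and the sample entries and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log (not from the article). Assumes a W3C extended
# format with a "#Fields:" header naming the space-separated columns.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2003-11-19 10:15:01 DROP TCP 203.0.113.7 192.0.2.10 4021 135 48 S 1884531 0 16384 - - -
2003-11-19 10:15:01 DROP TCP 203.0.113.7 192.0.2.10 4022 139 48 S 1884532 0 16384 - - -
2003-11-19 10:15:02 DROP TCP 203.0.113.7 192.0.2.10 4023 445 48 S 1884533 0 16384 - - -
2003-11-19 10:15:02 DROP TCP 203.0.113.7 192.0.2.10 4024 3389 48 S 1884534 0 16384 - - -
2003-11-19 10:16:40 OPEN TCP 198.51.100.20 192.0.2.10 51200 80 - - - - - - - -
2003-11-19 10:17:05 DROP UDP 198.51.100.99 192.0.2.10 1026 137 78 - - - - - - -
2003-11-19 10:18:11 DROP ICMP 198.51.100.99 192.0.2.10 - - 60 - - - - 8 0 -
"""

def parse(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def dropped_by_source(text):
    """Map each source IP to the distinct protocol/port targets that were dropped."""
    targets = defaultdict(set)
    for entry in parse(text):
        if entry["action"] == "DROP":
            # ICMP entries carry "-" in dst-port, so they appear as "ICMP/-".
            targets[entry["src-ip"]].add(f'{entry["protocol"]}/{entry["dst-port"]}')
    return dict(targets)

def likely_scanners(text, min_targets=3):
    """Sources whose dropped packets hit at least min_targets distinct targets."""
    return sorted(s for s, t in dropped_by_source(text).items() if len(t) >= min_targets)

if __name__ == "__main__":
    for src, hit in dropped_by_source(SAMPLE_LOG).items():
        print(src, sorted(hit))
    print("possible scans:", likely_scanners(SAMPLE_LOG))
```

The `min_targets` threshold is an arbitrary starting point; tune it against the normal background traffic seen on the protected connection.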


<div class="references_section">