Microsoft KB Archive/321050

= Description of a Personal Firewall =

Article ID: 321050

Article Last Modified on 3/27/2007

-

APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Tablet PC Edition 2005

-



This article was previously published under Q321050



Table of Contents
 SUMMARY

Description of a FirewallDifferent Types of FirewallsPossible Issues

 REFERENCES



Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.



SUMMARY
This article describes a personal firewall that is intended for home or small business use. This article also lists some of the different types of firewalls, and some issues that you may experience when you use a firewall.

back to the top



Description of a Firewall
Note A firewall is designed to help protect your computer from attack by malicious users or by malicious software such as viruses that use unsolicited incoming network traffic to attack your computer. Before you disable your firewall, you must disconnect your computer from all networks, including the Internet.

A firewall is a system that is designed to prevent unauthorized access to or from a private network. You can implement firewalls in hardware, software, or both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks that are connected to the Internet.

back to the top

Different Types of Firewalls
Different firewalls use different techniques. Most firewalls use two or more of the following techniques:
 * Packet filters: A packet filter looks at each packet that enters or leaves the network and accepts or rejects the packet based on user-defined rules. Packet filtering is fairly effective and transparent, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
 * Application gateway: An application gateway applies security mechanisms to specific programs, such as FTP and Telnet. This technique is very effective, but can cause performance degradation.
 * Circuit-layer gateway: This technique applies security mechanisms when a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established. After the connection has been established, packets can flow between the hosts without further checking.
 * Proxy server: A proxy server intercepts all messages that enter and leave the network. The proxy server effectively hides the true network addresses.
 * Application proxies: Application proxies have access to the whole range of information in the network stack. This permits the proxies to make decisions based on basic authorization (the source, the destination, and the protocol), and also to filter offensive or disallowed commands in the data stream. Application proxies are &quot;stateful,&quot; meaning that they keep the &quot;state&quot; of connections inherently. The Internet Connection Firewall feature that is included in Windows XP is a &quot;stateful&quot; firewall, as well as Windows Firewall. Windows Firewall is included in Windows XP Service Pack 2 (SP2).

For additional information about the Windows XP Internet Connection Firewall feature, click the article number below to view the article in the Microsoft Knowledge Base:

320855 Description of the Windows XP Internet Connection Firewall

back to the top

Possible Issues
Some programs and services may not function as expected behind a firewall. Some of the problems that you may experience are:
 * You may receive &quot;Page cannot be displayed&quot; error messages in Microsoft Internet Explorer, or you may not be able to access Web-based e-mail messages, streaming audio, streaming video, or other Web-based content. By default most firewalls are configured to permit basic Internet connectivity. However, some firewalls may prevent typical Internet access, or may prevent access to other content would be accessible without the firewall. Incorrectly configured firewalls can prevent typical Internet access.
 * You may not be able to share files and printers, or you may not be able to connect to other computers on your local area network (LAN). Firewalls can (and typically do) block this type of access to prevent unauthorized users on the Internet from gaining access to your LAN's resources. If you use firewall software on computers that are part of the same LAN, these types of problems can occur.
 * You may not be able to play some multiplayer or Internet games. Different games use different ports for accessing the Internet. Your firewall may block these ports by default. You may have to configure your firewall to permit the game to function, or you may not be able to play the game from behind a firewall.

For additional information about troubleshooting these and other possible issues, click the article numbers below to view the articles in the Microsoft Knowledge Base:

308127 How to Manually Open Ports in Internet Connection Firewall in Windows XP

283673 HOW TO: Enable or Disable Internet Connection Firewall in Windows XP

306298 Description of the Windows Messenger Reverse Connection Process Used by Remote Assistance

309524 How to Configure Windows XP ICS for an Internal PPTP Server

240429 DirectX: Ports Required to Play on a Network

298804 Internet Connection Firewall Can Prevent Browsing and File Sharing

316414 &quot;Ping: Transmit Failed, Error Code 65&quot; Error Message When You Attempt to Ping Another Computer

189416 Firewalls and Ports Used by Windows Media Services

297942 Service Redirection Does Not Apply to Internet Connection Firewall

301529 Supported Connection Scenarios for Remote Assistance

310608 Remote Assistance May Not Work if Internet Connection Firewall Is Enabled

306203 Internet Connection Firewall Does Not Block Internet Protocol Version 6 Traffic

308324 Norton Personal Firewall 2.5 and Internet Security 3.0 Do Not Work in Windows XP

back to the top