MORE INFORMATION

By default, Windows Firewall is turned on for all network interfaces. This helps improve network protection for new Windows XP installations and Windows XP upgrades. Windows Firewall also helps improve protection for new network connections. Windows Firewall lets you add exceptions for programs and services so that they can receive inbound traffic.

To configure Windows Firewall, use Security Center in Control Panel, or open the firewall itself from Control Panel. Windows Firewall has three modes:

• On (recommended)
• Off (not recommended)
• Don't allow exceptions

The General tab provides access to the following configuration options.

• Don't allow exceptions
• Exceptions
• Advanced

Don't allow exceptions

After you select Don't allow exceptions, Windows Firewall blocks all requests to connect to your computer. Blocked requests include requests to connect from programs or services that are listed on the Exceptions tab. Windows Firewall also blocks file and printer sharing and the discovery of network devices.

You may find it useful to use Windows Firewall with no exceptions when you connect to a public network, such as a public network at an airport or hotel. This setting can help protect your computer because it blocks all attempts to connect to your computer. When you use Windows Firewall with no exceptions, you can still view Web pages, send and receive e-mail messages, or use an instant messaging program. You can manually set the Don't allow exceptions mode. However, Windows or a program can also configure this automatically if a security issue is encountered with a service or program that is listening on the computer.

Exceptions

You can add program and port exceptions on the Exceptions tab. This makes it possible for the program or port that you list to receive certain types of inbound traffic.

For each exception, you can set a scope for the exception. For home and small office networks, we recommend that you set the scope to the local network only where you can do this. If you set the scope to the local network only, computers on the same subnet can connect to the program on the computer. However, traffic that originates from a remote network is dropped.

Note To use exceptions in large networks, you may have to add an address in your list of exceptions. You can also use the Any Computer setting if a corporate firewall is in effect. The exception settings specify the set of computers that this port or program is open for. The following lists the settings and a description of the mode of access:

Advanced

By using the Advanced tab for the Windows Firewall properties, you can configure the following settings:

• Network Connection Settings - This setting configures specific rules that apply to each network interface.
• Security Logging - This setting configures security logging.
• ICMP - This setting configures rules that apply to Internet Control Message Protocol (ICMP) traffic and that are used for error and status information transmission.
• Default settings - This setting can be used to restore Windows Firewall to a default configuration.

Note To do a performance test of a connection, you must stop the firewall service in the management console. To do this, follow these steps:

1. Right-click My Computer, and then click Manage.
2. Expand Services and Applications, and then click Services.
3. In the right pane, right-click Windows Firewall/Internet Connection Sharing (ICS) service, and then click Stop.
4. To restart the Windows Firewall/Internet Connection Sharing (ICS) service, right-click the service, and then click Start.