Compartir a través de


Configuring a Profile

Updated: December 1, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

The tabs for each profile contain identical options (shown in Figure 4) that control how Windows Firewall with Advanced Security operates when the computer is connected to that type of network. Note that when Group Policy is used to configure some settings, the user is notified by the message at the top of the dialog box, and the affected controls are disabled.

The following are the options that you can configure for each of the three profiles:

  • Firewall State. You can turn Windows Firewall with Advanced Security on or off independently for each profile.

  • Inbound Connections. You can configure inbound connections to one of the following settings:

    • Block (default). Windows Firewall with Advanced Security blocks inbound connections that do not match any active firewall rules. When this setting is chosen, you must create inbound allow rules to permit traffic needed by your applications.

    • Block all connections. Windows Firewall with Advanced Security ignores all inbound rules, effectively blocking all inbound connections.

    • Allow. Windows Firewall with Advanced Security allows inbound connections that do not match an active firewall rule. When this setting is chosen, you must create inbound block rules to prevent traffic that you do not want.

  • Outbound Connections. You can configure outbound connections to one of the following settings:

    • Allow (default). Windows Firewall with Advanced Security allows outbound connections that do not match any active firewall rules. When this setting is chosen, you must create outbound rules to prevent outgoing network traffic that you do not want.

    • Block. Windows Firewall with Advanced Security blocks outbound connections that do not match an active firewall rule. When this setting is chosen, you must create outbound rules to allow outgoing network traffic needed by your applications.

  • Protected network connections. You can configure which of the active network connections are subject to the requirements of this profile. By default, all network connections are subject to all profiles. Click Customize, and then select the network connections that you want protected.

    Security Note
    If you clear the checkbox for a connection under one of the profiles, and the network type for that profile is detected for the connection, then the connection gets no firewall rule protection.

  • Settings. Click Customize in the Settings area to configure the following settings:

    • Display notifications to the user when a program is blocked from receiving inbound communications. This setting controls whether Windows displays a notification letting a user know that an inbound connection has been blocked.

    • Allow unicast response to multicast or broadcast requests. This setting allows the computer to receive unicast responses to its outgoing multicast or broadcast requests.

    • Apply local firewall rules. Select this option when, in addition to firewall rules applied by Group Policy that are specific to this computer, you want to allow local administrators to be able to create and apply firewall rules on this computer. When you clear this option, administrators can still create rules, but the rules will not be applied. This setting is available only when configuring the policy through Group Policy.

    • Allow local connection security rules. Select this option when, in addition to connection security rules applied by Group Policy that are specific to this computer, you want to allow local administrators to be able to create and apply connection security rules on this computer. When you clear this option, administrators can still create rules, but the rules will not be applied.

  • Logging. Click Customize in the Logging area to configure the following logging options:

    • Name. By default, the file is stored in %windir%\system32\logfiles\firewall\pfirewall.log.

    • Size limit. By default, the size limit is 4096 kilobytes (KB).

    • Log dropped packets. By default, dropped packets are not logged.

    • Log successful connections. By default, successful connections are not logged.