How to Configure Windows Server 2008 Firewall

Two different utilities are used to configure the Windows Firewall on a server running Windows Server 2008: the Windows Firewall Settings dialog box and the Windows Firewall with Advanced Security snap-in.

The Windows Firewall Settings dialog box provides access to only a basic collection of settings. For example, you can quickly turn the firewall on or off and set basic exceptions (the programs and ports that are allowed through the firewall). You can also select which network connections (if the server has multiple network adapters) are protected by the firewall.

To open the Windows Firewall Settings dialog box, open the Control Panel (Start, Control Panel). Then select the Allow a Program Through the Windows Firewall link under the Security group. This opens the Windows Firewall Settings dialog box with the Exceptions tab selected.

The Windows Firewall Settings dialog box has three tabs:
• General— This tab enables you to turn the firewall on or off (via the On and Off option buttons) and also provides a Block All Incoming Connections check box, which blocks all incoming connections and ignores every exception you have specified; it is designed for connections to unsecured, public networks.

• Exceptions— This tab lists the predefined program and port exceptions (each exception is an inbound allow rule). Select a program from the list to enable that exception, add a program of your own with the Add Program button, or open a port in the firewall with the Add Port button. Prefer a program exception over a port exception where you have the choice: a program exception only accepts inbound traffic while that program is running and listening, whereas a port exception leaves the port open regardless of what is listening on it.

• Advanced— This tab enables you to select (or deselect) the network connection or connections (on the computer) that are protected by the firewall.

If you edited the exceptions for the Windows Firewall and would like to return to the default settings, click Restore Defaults on the Advanced tab of the Windows Firewall Settings dialog box. Note that this resets all Windows Firewall settings, not just the exceptions list, so any custom rules you created in the Windows Firewall with Advanced Security snap-in are removed as well.

The Windows Firewall Settings dialog box provides you with a quick way to open a port or allow a particular application through the firewall. However, it is more of an end-user tool and does not expose the more advanced firewall settings.
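The choices the dialog box offers can also be scripted with netsh advfirewall, which ships with Windows Server 2008 and drives the same policy store; that is the tool to reach for when the same basic settings have to be applied on several servers. The following is an added example and is not part of the book excerpt or this page. The rule names, the program path C:\Example\svc.exe, port 8443 and the backup path are placeholders chosen for illustration; the Advanced tab's per-connection selection is not covered here.

```powershell
# Added example (not from the page): the Windows Firewall Settings dialog box choices
# as netsh advfirewall commands on Windows Server 2008. C:\Example\svc.exe, port 8443
# and C:\Backup are placeholders. Run from an elevated PowerShell prompt.

# General tab, On: turn the firewall on for every profile.
netsh advfirewall set allprofiles state on

# General tab, "Block all incoming connections": drop all inbound traffic and ignore
# every exception, while leaving outbound traffic open.
netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound

# Back to the normal default: block unsolicited inbound traffic but honour the exceptions.
netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound

# Exceptions tab, "Add program": an exception tied to an executable. Inbound traffic
# is accepted only while this program is running and listening.
netsh advfirewall firewall add rule name="Example Service (program)" dir=in action=allow `
    program="C:\Example\svc.exe" enable=yes

# Exceptions tab, "Add port": open TCP 8443 inbound. This port stays open whatever
# is (or is not) listening on it, so prefer the program exception where possible.
netsh advfirewall firewall add rule name="Example Service (TCP 8443)" dir=in action=allow `
    protocol=TCP localport=8443

# Check what was just created: show only the rules added above.
netsh advfirewall firewall show rule name="Example Service (program)"
netsh advfirewall firewall show rule name="Example Service (TCP 8443)"

# Remove the exceptions again; delete matches on the rule name.
netsh advfirewall firewall delete rule name="Example Service (program)"
netsh advfirewall firewall delete rule name="Example Service (TCP 8443)"

# Advanced tab, "Restore Defaults": this resets the whole firewall policy, not just
# the exceptions list, so export the current policy first (the folder must exist).
netsh advfirewall export "C:\Backup\firewall-before-reset.wfw"
netsh advfirewall reset
```

The exported .wfw file can be loaded again with netsh advfirewall import, which is also the simplest way to carry a policy that was built in the dialog box on one server over to another.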

To work with the more advanced settings (basically rules, which taken together form the firewall policy), you need to use the Windows Firewall with Advanced Security snap-in. This snap-in enables you to manage the inbound and outbound rules that are preconfigured for the firewall and to create new inbound and outbound rules. You can also create connection security rules, which use IPsec to restrict connections to a server based on authentication requirements such as domain membership or other criteria such as Network Access Protection health policies.

To open the Windows Firewall with Advanced Security, select Start, Administrative Tools, and then Windows Firewall with Advanced Security. The MMC opens, containing the snap-in.
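The three kinds of rule the snap-in offers can also be created with netsh advfirewall, the command-line interface to the same policy. Below is an added example that is not part of the book excerpt or this page; the rule names, the management subnet 10.0.50.0/24, the program path C:\Example\svc.exe and the ports are placeholders chosen for illustration.

```powershell
# Added example (not from the page): the snap-in's rule types as netsh advfirewall
# commands. Rule names, 10.0.50.0/24, C:\Example\svc.exe and the ports are placeholders.
# Run from an elevated PowerShell prompt on Windows Server 2008.

# 1. Inbound rule, scoped by profile and source: allow RDP (TCP 3389) on the domain
#    profile only, and only from the management subnet. While the public profile is
#    active the rule is ignored, so the same server exposes nothing there.
netsh advfirewall firewall add rule name="RDP from management subnet" dir=in action=allow `
    protocol=TCP localport=3389 remoteip=10.0.50.0/24 profile=domain

# 2. Outbound rule: outbound traffic is allowed by default, so a block rule is how you
#    stop a program that should never initiate connections. Block rules are evaluated
#    before allow rules, so an allow rule for the same program would not override this.
netsh advfirewall firewall add rule name="svc.exe: no outbound" dir=out action=block `
    program="C:\Example\svc.exe"

# 3. Connection security rule: negotiate IPsec with every peer, requiring Kerberos
#    computer authentication (that is, domain membership) for inbound connections
#    and requesting it for outbound ones. Roll out with action=requestinrequestout
#    first; "require" locks out every peer that cannot negotiate IPsec.
netsh advfirewall consec add rule name="Require domain auth inbound" `
    endpoint1=any endpoint2=any action=requireinrequestout auth1=computerkerb

# 4. An inbound rule that depends on step 3: SMB (TCP 445) only for peers that the
#    IPsec rule authenticated. Unauthenticated peers are dropped even though the
#    port is "open".
netsh advfirewall firewall add rule name="SMB, authenticated peers only" dir=in action=allow `
    protocol=TCP localport=445 security=authenticate profile=domain

# Verify what was created.
netsh advfirewall consec show rule name=all
netsh advfirewall firewall show rule name="SMB, authenticated peers only" verbose
```

Step 4 is where connection security rules pay off: the firewall rule no longer trusts the source address alone but the identity the IPsec negotiation established, which is what the snap-in's "Allow only secure connections" option expresses in the GUI.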

In the Details pane (when the Windows Firewall with Advanced Security on Local Computer node is selected) an Overview box provides a list of three firewall profiles: Domain, Public, and Private. These profiles relate to network connection types (and so have different settings based on the connection risks related to those network connection types) and are defined as follows:

• Domain— Computers running Windows Server 2008 and Windows Vista can detect when the network they are connected to belongs to their Active Directory domain: the computer checks whether it can reach, and authenticate to, a domain controller for its domain over that connection, and if it can, the domain profile is applied automatically; you do not assign this profile by hand. The domain profile is special in that it refers to a logical network rather than a physical network, which is what the public and private profiles (defined in a moment) describe.

• Public— The public profile is used by the firewall to protect the computer when it is on a public network. On a laptop, a public network connection would be any connection that you make in a public place (a Wi-Fi hotspot, for example). Because a server running Windows Server 2008 is typically not a device that you take on the road with you, on a server the public profile covers any connection that is not on your local, secure network, meaning the network that sits behind your perimeter firewall.

• Private— The private profile is used by the firewall to protect the computer when it uses a private connection, meaning a network you have classified as trusted, typically one protected by a hardware firewall or NAT router.

As the network administrator (or at least the server administrator), you determine whether or not a new connection is public or private, and Windows Server 2008 asks you to identify the network as such (public or private) when you use the Connect to a Network task in the Network and Sharing Center. When the type of network to which the computer is connected is identified, Windows can optimize some of its configuration, especially its firewall configuration, for the specified network location type.

Because you have three potential profiles to work with (domain, public, and private) and each profile can have different settings in terms of firewall rules, you are provided a great deal of flexibility in terms of configuring the Windows Firewall. For example, any connection to a public network uses the public profile, which can be configured with a more restrictive set of rules, whereas the private profile could contain less restrictive rules related to such things as file and print sharing. Because the Windows Firewall on domain servers and on Windows network clients can ultimately be configured through Group Policy (Computer Configuration, Windows Settings, Security Settings, Windows Firewall with Advanced Security), the overall flexibility of the firewall settings makes it easier for you to protect individual hosts on the network with group policies that dictate specific firewall rules per profile.

Before you consider how to configure the Windows Firewall and work with inbound or outbound rules, you need to understand how the connection type profiles are applied when the firewall examines network traffic. For computers that are part of a domain (both servers and clients), the firewall first checks whether the network the computer is connected to is the domain network, that is, whether a domain controller for the computer's domain can be reached and authenticated to over that connection. If it can, the domain profile is applied.

If it cannot, it comes down to whether the public or private profile applies, and that is decided by how the network was classified (public or private) when it was first connected; a network that Windows cannot identify is treated as public. Note that Windows Server 2008 and Windows Vista apply only one profile at a time: when a server with several network adapters is connected to networks of different types, the most restrictive applicable profile (public over private over domain) is used for all of them, so a single adapter on a public network puts the whole server on the public profile.
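The profile logic described above can be configured and, more importantly, verified from the command line. The following is an added example that is not part of the book excerpt or this page: it sets a default policy per profile, adds one rule scoped to the private profile, and defines a small PowerShell function that reports which profile netsh says is currently in force. The rule name and port are placeholders; the function parses the "<Name> Profile Settings:" header lines that netsh advfirewall show currentprofile prints.

```powershell
# Added example (not from the page): per-profile firewall policy with netsh advfirewall
# and a check of which profile the server has actually applied. The rule name and the
# port are placeholders. Run from an elevated PowerShell prompt on Windows Server 2008.

# Default policy per profile. Public: drop all inbound traffic and ignore allow rules;
# private and domain: drop unsolicited inbound traffic but honour the rules.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound

# A rule scoped to one profile: SMB (TCP 445) for file and printer sharing on the
# private profile only. The rule is ignored while the domain or public profile is active.
netsh advfirewall firewall add rule name="SMB (private networks only)" dir=in action=allow `
    protocol=TCP localport=445 profile=private

# Log dropped packets on every profile so that you can see what the active profile is
# rejecting (default log: %systemroot%\system32\LogFiles\Firewall\pfirewall.log).
netsh advfirewall set allprofiles logging droppedconnections enable

# Which profile is in force right now? Windows Server 2008 activates one profile and,
# with several adapters on networks of different types, picks the most restrictive.
# netsh prints a "Domain|Private|Public Profile Settings:" header for each active
# profile; this function collects those names.
function Get-ActiveFirewallProfile {
    $output = netsh advfirewall show currentprofile
    $active = @()
    foreach ($line in $output) {
        if ($line -match '^(Domain|Private|Public) Profile Settings:') {
            $active += $Matches[1]
        }
    }
    return $active
}

# Review the per-profile settings, then the profile currently applied.
netsh advfirewall show allprofiles
Get-ActiveFirewallProfile
```

Run Get-ActiveFirewallProfile after any change to the network configuration: a server that unexpectedly reports Public has usually gained an adapter on an unidentified network, and every domain- or private-scoped rule is silent until that is corrected. On Windows Server 2008 R2 and later, where several profiles can be active at once, the function returns all of them.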

Each of these network connection profiles can be configured separately. Let's look at the Windows Firewall Properties dialog box and then at firewall rules.

Source of Information : Sams Teach Yourself Windows Server 2008 in 24 Hours
