2.8.2. Windows Firewall – Part 2

By Val Bakh

In last month's blog post on Windows Firewall (WF), I introduced network firewalls as well as host-based firewalls and explained the basic principles of their operation. We also learned about WF, its most essential settings, and its two types of rules. We'll now discuss both types of WF rules and their main settings. An example scenario will be used to illustrate how the two types of rules interact.
We'll first discuss the settings you can make in connection rules. Let's create an inbound rule. You can either create a new custom rule or open an existing one. You can enable or disable the rule on the General tab. A disabled rule stays inactive until you enable it; an enabled rule goes into effect immediately. Inbound rules target specific types of inbound traffic and apply a specified action to them. Inbound rules typically allow the connection. Other actions include blocking the connection or allowing the connection only if it is secure; the last option works in conjunction with connection security rules.
You can select the protocols and ports that the rule applies to on the Protocols and Ports tab. For example, a Web server listens on TCP port 80 for HTTP requests, so an inbound rule lets clients reach the server's site by allowing TCP traffic to local port 80 from any remote port. This rule is usually created automatically when Internet Information Services or another Web server application is installed. Sometimes you may need to allow traffic associated with a particular application or service without knowing the specific ports and protocols it uses. Instead of specifying ports and a protocol, you can specify the name of the application or service on the Programs and Services tab. You can also specify the DNS names or IP addresses of the sending computers that the rule will target on the Scope tab.
The Advanced tab allows you to specify the profiles (Domain, Private, or Public) and the interface types (LAN, remote access, or wireless) to which the rule applies. Edge traversal is a less well-documented option on this tab. It might seem that this option controls whether traffic originating outside the computer's network is accepted; however, that function is already provided by the rule itself. Edge traversal is available only in inbound rules and is set to Block edge traversal by default. This default does not prevent inbound traffic from passing through a firewall or network address translation (NAT) device on the way to the local host; the option applies only to traffic that uses encapsulation to traverse firewalls or NATs. DirectAccess is an example of a situation in which the edge traversal option matters. DirectAccess clients are located on remote private networks behind NATs and use a technology called Teredo to communicate over the Internet with their corporate network. Teredo encapsulates IPv6 within IPv4 so that it can pass through NATs. When DirectAccess clients must accept unsolicited inbound traffic from corporate servers, the corresponding inbound rules must allow edge traversal.
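The settings described above for the General, Protocols and Ports, Programs and Services, Scope, and Advanced tabs each map to a parameter of New-NetFirewallRule. The following PowerShell session is an added example, not part of the original post, which configures rules through the GUI; it assumes the NetSecurity module (Windows 8 / Server 2012 or later) and an elevated prompt. The rule names, the 10.0.0.0/8 scope, the Contoso program path, and port 5985 are constructed for illustration.

```powershell
# Added example (not from the original post): creating and inspecting inbound
# Windows Firewall rules with the NetSecurity PowerShell module.
# Rule names, the program path, the port and the address range are constructed
# placeholders. Run from an elevated PowerShell prompt.

# 1. Port-based rule (Protocols and Ports + Scope + Advanced tabs): allow HTTP to
#    a Web server, but only on the Domain and Private profiles, only on wired
#    interfaces, and only from one internal range. Edge traversal stays blocked
#    (the default), which is right for a server that is not reached through a
#    Teredo-style tunnel.
New-NetFirewallRule -DisplayName "Example - Allow HTTP (Domain/Private)" `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 80 -RemotePort Any `
    -Profile Domain,Private -InterfaceType Wired `
    -RemoteAddress 10.0.0.0/8 `
    -EdgeTraversalPolicy Block -Enabled True

# 2. Program-based rule (Programs and Services tab) for a service whose ports are
#    unknown: filter on the executable path instead of protocol/port. Created
#    disabled (General tab) so it can be reviewed before it takes effect.
New-NetFirewallRule -DisplayName "Example - Allow Contoso Agent" `
    -Direction Inbound -Action Allow `
    -Program "C:\Program Files\Contoso\agent.exe" `
    -Profile Domain -Enabled False

# 3. "Allow the connection if it is secure": require an authenticated
#    (IPsec-protected) connection, as a DirectAccess client would for
#    unsolicited management traffic from corporate servers. Because that traffic
#    arrives encapsulated in a Teredo tunnel, edge traversal is allowed here.
New-NetFirewallRule -DisplayName "Example - Allow secure remote mgmt" `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 5985 `
    -Authentication Required `
    -EdgeTraversalPolicy Allow -Profile Any

# 4. Verify what was actually created. The rule object carries the General and
#    Advanced tab settings; port, address and program filters are separate
#    objects that are retrieved through the rule.
Get-NetFirewallRule -DisplayName "Example - *" | ForEach-Object {
    $rule = $_
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        Action        = $rule.Action
        EdgeTraversal = $rule.EdgeTraversalPolicy
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
        Program       = $app.Program
    }
} | Format-Table -AutoSize

# Remove the example rules once you have examined the output.
# Get-NetFirewallRule -DisplayName "Example - *" | Remove-NetFirewallRule
```

The verification step is the part worth keeping in a real deployment: a rule that looks right in the GUI can still be scoped to the wrong profile or interface type, and comparing the filter objects against the intended configuration catches that before the rule is relied on.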
An inbound rule can also restrict access to authorized users or computers. To identify the packet's originator, the packet must be sent over an authenticated connection. The rule must be changed to Allow the connection if it's se
