How to set up a firewall to distribute the Internet. Windows Firewall Settings. Network access in firewall settings. Why is the firewall blocking the internet?


Good day, dear readers of my blog. Today I will depart a little from my main mission. We won’t talk about making money on the Internet, but we will discuss one very important thing. Let's talk about protecting children from malicious sites, games and applications.

From this article you will learn how to set parental controls on the Internet, I will show a video on how to protect your children from the harmful effects of the computer. I’ll tell you which phone to buy for the little ones and set the lock so that no one will even guess that something is forbidden to them.

Parental Controls in Windows

If you have Windows 7, like I do, then you can ban the use of certain programs, games and determine the time at which children can be at the computer.

If you need to ban not only the use of the computer itself, but also the Internet, you will have to download additional extensions from the official Microsoft website that will allow you to increase control capabilities. It's free.

If for some reason you do not like this method, you can install another additional program. However, in any case, first you will have to learn how to create additional user accounts. Let's figure this out quickly.

Create a new account

Go to your control panel to create a new account. It is needed to control only children and not have problems when using the laptop yourself.

Now open the “Parental Controls” tab.

And create a new account.

For this account it is not necessary to use a password. Only you (the administrator) need one, so that teenagers cannot break into the system and change the conditions to more comfortable ones.

It’s up to you, and probably your child, to decide whether to tick it or not. After entering the name, click on “Create”.

Ready. Let's set it up now.

Time limit

In order to apply additional settings, you need to go to the account created for the offspring. Click on it.

Done. You are where you need to be. Enable parental controls at the top of the window that opens.

Without additional programs, you can limit your child’s time, games, and applications used. Let's click on the first option.

Be careful: the hours you mark in blue are the hours during which the child cannot be at the computer. Once completed, all you have to do is click “OK” and you’re done.

Ban on games

Tracking and control programs

If for some reason you don’t want to install Windows Live, but you still need to restrict Internet access, then I offer you the program KidsControl. With it, you can also deny access to unwanted resources, enforce time limits, and see which sites your child has visited.

The operation of the application itself will not be noticeable, and when accessing a forbidden resource, the site will display a 404 error, “Server not found” or “Page unavailable.” The utility is shareware. You will have 14 days to use it for free, and then you will have to pay 870 rubles for use.

To use it, you, as in the first case, will have to create several accounts, including for a child. I think this won't be such a problem. KidsControl will open only when the system starts and you log in from your (first) account from which the launch was carried out.

In the future, no one will notice that you have this program on your computer. To open it, you will need to restart the operating system. It’s funny, but even the omnipresent one doesn’t see it, so even a nosy teenager will have a hard time getting to it.

So, download the program and reboot the system. This will open a window in which you can make settings.

As you can see, there are two accounts here: the administrator, the one who downloaded the program and has all the rights, and also everyone else.

You can create several users who will have access to this program. You don't have to restrict everyone.

The blacklist will include sites that a child is prohibited from accessing.

The program itself determines prohibited resources. It has a built-in database with an automatic update system that periodically monitors the Internet and adds sites that are inappropriate for children.

If you want, the “Prohibited Files” tab will block the ability to download certain files: music, videos and programs.

Well, the access schedule will not allow your child to access the computer at a time not intended for this purpose.

That's all. Now you know how to protect your child from the computer. Shall we go to the phone?

Parental control on the phone for the little ones

First, I would like to talk to you about protection for the little ones. For them, I would recommend that you do not install protection on the Internet or phone, but purchase a BB-mobile. You yourself add the phone numbers your baby can call and send SMS to.

There are no complicated buttons or additional unnecessary functions. At any time you can press a couple of buttons and get a map with the exact location of your baby. In the same way, you can access your baby’s mobile phone from your phone and turn on an audio broadcast of what is happening around. The phone will call you back automatically, without the participation of the child.

When it comes to little ones, this thing is simply irreplaceable.

Of course, a rare child in the second or third grade will calmly walk around with a BB-mobile and not throw a tantrum demanding a fancy phone. We will talk about how to work with a tablet and phone on Android in one of the future articles. Subscribe to the newsletter so you don't miss out.

See you again and good luck in your endeavors.

Windows 10 includes several security features to keep your computer safe and protect your data from malware and hackers. One such feature is Windows Firewall, which helps prevent unauthorized access to your computer and blocks potentially malicious applications.

Although the Firewall works smoothly and reliably most of the time, sometimes you may encounter problems. For example, Firewall services may fail to start, or error 80070424 or service error 5 (0x5) may occur. Additionally, applications or features such as Remote Assistance may lose access to shared files and printers because the system firewall is blocking them by mistake.

If you come across any of these or similar problems, there are several steps you can take. You can use the Windows Firewall Troubleshooter, which is an automated tool that scans and fixes common problems. It is also possible to reset the firewall to default settings and manually manage the network access of applications blocked by the Firewall.

To diagnose and fix Firewall problems, use the following steps:

  1. Download the Windows Firewall Troubleshooter from Microsoft.
  2. Run the file WindowsFirewall.diagcab by double-clicking on it.
  3. Click Next.
  4. Depending on the search results, select the option that will fix the problem.
  5. If everything worked successfully, click the “Close” button to complete the troubleshooter.

If the tool fails to fix the problem, click the “View more information” link to see detailed information about all the problems it tried to fix, including file and printer sharing, problems with Remote Assistance, and firewall services.

You can then find more information about the issue using search engines or ask for help in the comments below.

If the Windows Firewall troubleshooter fails to detect the problem, it is likely related to a specific setting on the system. In this scenario, you can try to delete the current configuration and return the settings to default.

Important: After restoring settings to default, you may need to reconfigure applications that request network access through the firewall.

To reset your firewall settings to default, follow these steps:

  1. In the left menu, select the “Restore Defaults” option.
  2. Click the “Restore Defaults” button.
  3. Click “Yes” to confirm the operation.

Once you complete these steps, the default rules and settings will be restored and all configuration issues will be resolved.

If the problem is that apps are being blocked by mistake, then you can use the following steps to allow apps to access the network.

  1. Open Control Panel (press the Windows key and type “Control Panel”).
  2. Select “System and Security”.
  3. Click on the “Windows Firewall” section.
  4. In the left menu, select the option “Allow an application or feature to interact with Windows Firewall.”
  5. Select “Change Settings” using your device administrator account.
  6. Select the app or service you want to allow.
  7. Select the network type “Private” if the application must access only the local network or “Public” if the application must communicate with the Internet.
  8. Click OK.

Advice: If the app or feature is not shown in the list, click the “Allow another app” button to add it to the list.

You can use these instructions to reconfigure applications after restoring Windows Firewall to default settings.
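As an added example (not code from the original article), the same reset-and-reallow sequence from an elevated PowerShell prompt, with a backup taken first and a check at the end that the new allow rule really references the program. It assumes Windows 8 or later, where the NetSecurity cmdlets exist (Windows 7 has only netsh advfirewall); the program path and rule name are placeholders.

```powershell
# Added example, not code from the original article.
# Assumes Windows 8 / Server 2012 or later (NetSecurity module) and an
# elevated session. Program path and rule name are placeholders.
#Requires -RunAsAdministrator

$ProgramPath = 'C:\Program Files\ExampleApp\exampleapp.exe'   # placeholder
$RuleName    = 'ExampleApp inbound (Private only)'             # placeholder

# 1. Export the current policy first so the reset can be undone with
#    "netsh advfirewall import <file>".
$backup = Join-Path $env:TEMP 'firewall-before-reset.wfw'
netsh advfirewall export "$backup" | Out-Null

# 2. Restore defaults. Equivalent to "Restore Defaults" in the Control Panel
#    applet: every custom rule is removed and the default profiles come back.
netsh advfirewall reset | Out-Null

# 3. Re-allow only this program, only on the Private profile. "-Profile Private"
#    is the same choice as ticking only "Private" in the Control Panel dialog:
#    the rule is active while the current network is classified Private.
if (-not (Test-Path -LiteralPath $ProgramPath)) {
    Write-Warning "'$ProgramPath' does not exist (placeholder); rule is created anyway."
}
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow `
    -Program $ProgramPath `
    -Profile Private -Enabled True | Out-Null

# 4. Verify: enabled inbound allow rules that reference this executable.
function Get-ProgramAllowRules {
    param([Parameter(Mandatory)][string]$Path)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { ($_ | Get-NetFirewallApplicationFilter).Program -eq $Path } |
        Select-Object DisplayName, Profile, Enabled
}
Get-ProgramAllowRules -Path $ProgramPath | Format-Table -AutoSize
```

The export step matters more than it looks: a reset also removes allow rules that installers created for their own services, and the .wfw file is the quickest way to see what those were.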

Although we used Windows 10 in this example, you can use these same instructions to troubleshoot firewall issues in Windows 8.1 and Windows 7.


In addition to the regular Windows Firewall, the operating system has a second firewall interface, Windows Firewall with Advanced Security. Essentially they are the same thing; the only difference is that the first gives the user rather limited options for configuring firewall rules. Those options are more than enough for most users, many of whom have never even seen the Advanced Security version, and the functionality of the regular Firewall serves them perfectly well. For more sophisticated users who need finer control over firewall rules, Windows Firewall with Advanced Security was created.

How to open Windows Firewall with Advanced Security

To do this, you can use one of several methods. I will describe three of them:

  1. Simply type the name of this tool into the search.
  2. Follow the path Control Panel\System and Security\Windows Firewall and click Advanced settings.
  3. Open the MMC console and add the necessary tool there. Then run it from there.

Many people also ask, “How do I disable the Firewall in Advanced Security mode?” As I already said, these two tools are the same thing; only their functionality differs. So the correct question is “How do I disable Windows Firewall?”, and for that you need the Turn Windows Firewall on or off link in the Windows Firewall window.

Features of Windows Firewall with Advanced Security

Windows Firewall with Advanced Security allows you to create the following rules:

  1. Configure rules separately for inbound and outbound traffic.
  2. Create Firewall rules based on different protocols and ports.
  3. Configure network rules for services. Let me remind you that the regular Windows Firewall only lets you configure rules for applications.
  4. Restrict the created rules to specific IP addresses on the network.
  5. Allow only authenticated (secure) traffic.
  6. Configure connection security rules.

How to create a Firewall rule based on incoming or outgoing traffic?

To create a Firewall rule for incoming traffic only, or for outgoing traffic only, open Windows Firewall with Advanced Security. In the window that opens, you will see several nodes in the console tree. The nodes we need are named Inbound Rules and Outbound Rules, respectively. When you right-click on one of these nodes, a context menu appears; the command we need is the first one, New Rule. After clicking it, you are taken to the rule creation wizard, where you build the rule according to your needs. Here you will be asked to specify the type of binding of the rule being created:

  • Program
  • Port
  • Predefined
  • Custom

Creating a rule for a program (application)

You can allow or block network communication for a specific application from the window where we stopped in the previous paragraph. Select the Program item there; in the next window, choose either all programs or a specific one.

Create a Firewall Rule for a Port

The process for creating a rule for a port is identical to creating a rule for an application; the only difference is that you select the second item, Port. This rule lets you open or close a port for the TCP or UDP protocol, so in the next window you select the protocol and port for which you are creating the rule.

Activating predefined Windows Firewall rules

Windows already has several dozen rules created by default, which both the user and the operating system quite often need. To see and enable these rules, select the third item, Predefined. They are not enabled by default, but they can be enabled at any time. They come in handy when the user wants to use some Windows feature, for example, or use . To enable such a feature, the user has to perform certain actions (not described in this article). When the feature is set up, the operating system signals Windows Firewall to enable the corresponding group of predefined rules, and that is what happens. If that fails, or on the user’s own initiative, this can be done manually.

Custom Firewall Rules

And finally, the most sophisticated rules: custom ones. Select the item of exactly this name to configure a rule for a specific application that uses a specific port, and limit the application of this rule to certain ones. That is, the user gets the fullest access to rule creation, which is what Windows Firewall with Advanced Security is famous for.

Allow or deny connections and select network types

The four rule types listed above do not end with the steps I described. After the steps specific to each type, you need to make two further choices:

  1. Allow or deny communication for the selected rule type.
  2. Select the network types (profiles) in which the rule will apply.

In the first window, you either allow the connection, allow it only if it is secure, or block it. In the second and last window, you check the boxes next to the three network types; a check mark next to a network type means the rule is applied on that type of network.
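The four rule bindings just described (program, port, predefined, custom) together with the action and profile choices, built with the NetSecurity cmdlets instead of the New Rule wizard. This is an added example, not code from the original article; it assumes Windows 8 or later and an elevated session, and the rule names, executable path and address ranges are placeholders.

```powershell
# Added example, not code from the original article. Assumes Windows 8 /
# Server 2012 or later and an elevated session. Rule names, paths and
# address ranges are placeholders.
#Requires -RunAsAdministrator

# 1. Program rule: outbound, Block, all three profiles.
New-NetFirewallRule -DisplayName 'Block ExampleApp outbound' `
    -Direction Outbound -Action Block `
    -Program 'C:\Program Files\ExampleApp\exampleapp.exe' `
    -Profile Domain,Private,Public | Out-Null

# 2. Port rule: inbound TCP 8443, Allow, but only from the local subnet and
#    only on the Domain profile (the wizard's Port page plus the Scope tab).
New-NetFirewallRule -DisplayName 'ExampleService TCP 8443 (Domain, LocalSubnet)' `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 8443 `
    -RemoteAddress LocalSubnet `
    -Profile Domain | Out-Null

# 3. Predefined rules ship disabled. Enable the group a feature needs rather
#    than writing new rules; here only the rules that apply to Private networks.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Profile -match 'Private|Any' } |
    Enable-NetFirewallRule

# 4. Custom rule bound to a Windows service (the basic applet cannot do this),
#    restricted by protocol, port and remote address range.
New-NetFirewallRule -DisplayName 'W32Time NTP inbound (custom)' `
    -Direction Inbound -Action Allow `
    -Service w32time `
    -Protocol UDP -LocalPort 123 `
    -RemoteAddress 10.0.0.0/8 `
    -Profile Domain | Out-Null

# Review direction, action and profile of what was created.
function Get-ExampleRules {
    Get-NetFirewallRule -DisplayName 'Block ExampleApp outbound',
                                     'ExampleService TCP 8443 (Domain, LocalSubnet)',
                                     'W32Time NTP inbound (custom)' |
        Select-Object DisplayName, Direction, Action, Profile, Enabled
}
Get-ExampleRules | Format-Table -AutoSize
```

Note that the address scope (-RemoteAddress) and the profile are independent restrictions: the port rule above is active only while a domain network is connected, and even then only answers the local subnet.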

This wonderful functionality is provided to its users by the Windows operating system in the form of an equally excellent tool called Windows Firewall with Advanced Security.

Windows Firewall with Advanced Security, a Microsoft Management Console (MMC) snap-in in Windows Vista™, is a network-aware host firewall for workstations that filters incoming and outgoing connections based on configured settings. Firewall and IPsec settings can now be configured from one snap-in. This article describes how Windows Firewall with Advanced Security works, common problems, and solutions.

How Windows Firewall with Advanced Security works

Windows Firewall with Advanced Security is a stateful host firewall for workstations. Unlike a router firewall, which sits at the gateway between your local network and the Internet, Windows Firewall runs on individual computers. It inspects only that workstation’s traffic: traffic arriving at the computer’s IP address and traffic leaving the computer itself. Windows Firewall with Advanced Security performs the following basic operations:

  • Each incoming packet is checked against the list of allowed traffic. If the packet matches an entry in the list, Windows Firewall passes it to TCP/IP for further processing. If it matches none of the entries, Windows Firewall blocks the packet and, if logging is enabled, writes an entry to the log file.

The list of allowed traffic is formed in two ways:

  • When a connection controlled by Windows Firewall with Advanced Security sends a packet, the firewall adds an entry to the list so that the return traffic for that connection is accepted. Incoming traffic that is not a response to such a connection requires an explicit permission.

  • When you create an allow rule in Windows Firewall with Advanced Security, the traffic the rule describes is allowed on the computer running Windows Firewall. That computer accepts the explicitly allowed incoming traffic whether it is acting as a server, a client, or a peer-to-peer network host.

The first step to solving problems with Windows Firewall is to check which profile is active. Windows Firewall with Advanced Security is an application that monitors your network environment. The Windows Firewall profile changes as your network environment changes. A profile is a set of settings and rules that are applied depending on the network environment and existing network connections.

The firewall distinguishes three types of network environment: domain, public and private. A domain is a network environment in which connections are authenticated by a domain controller. By default, all other network connections are treated as public. When a new connection is detected, Windows Vista prompts the user to say whether the network is private or public. The public profile is intended for public places such as airports or cafes. The private profile is intended for home or office use, and for other trusted networks. To classify a network as private, the user needs the appropriate administrative privileges.

Although a computer can be connected to different types of networks at the same time, only one profile can be active. The choice of active profile depends on the following reasons:

  1. If all interfaces use domain controller authentication, the domain profile is used.
  2. If at least one interface is connected to a private network and all others are connected to domain or private networks, the private profile is used.
  3. In all other cases, the public profile is used.

To determine the active profile, click the Monitoring node in the Windows Firewall with Advanced Security snap-in. The text above Firewall Status indicates which profile is active; for example, if the domain profile is active, the top of the pane reads Domain Profile is Active.

By using profiles, Windows Firewall can automatically allow incoming traffic for specific computer management tools when the computer is in a domain, and block the same traffic when the computer is connected to a public or private network. Thus, determining the type of network environment ensures the protection of your local network without compromising the security of mobile users.
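The profile selection rule above, reproduced in PowerShell from the per-interface network categories, together with a per-profile report of the settings that matter when traffic is blocked (default actions, whether local rules are merged with Group Policy, and whether dropped packets are logged). This is an added example, not code from the original article. It assumes Windows 8 or later for the NetConnectionProfile and NetFirewallProfile cmdlets; note that Windows 7 and later evaluate profiles per interface, so the function implements the single-active-profile precedence described for Windows Vista rather than what current Windows does internally.

```powershell
# Added example, not code from the original article. Assumes Windows 8 /
# Server 2012 or later; the queries need no elevation. The function below
# reproduces the Vista-era "one active profile" precedence rule described
# in the text; current Windows applies a profile per interface.

function Get-EffectiveFirewallProfile {
    # One NetConnectionProfile per connected interface. NetworkCategory is
    # DomainAuthenticated, Private or Public.
    $categories = @(Get-NetConnectionProfile | Select-Object -ExpandProperty NetworkCategory)

    if ($categories.Count -eq 0) { return 'None (no connected interfaces)' }
    # 1. Every interface authenticated by a domain controller -> Domain.
    if (@($categories | Where-Object { $_ -ne 'DomainAuthenticated' }).Count -eq 0) { return 'Domain' }
    # 2. No public interface, at least one private -> Private.
    if (@($categories | Where-Object { $_ -eq 'Public' }).Count -eq 0) { return 'Private' }
    # 3. Otherwise -> Public.
    return 'Public'
}

function Get-FirewallProfileReport {
    # Per-profile state worth checking when traffic is blocked: is the profile
    # on, what happens to unmatched traffic, are local rules merged with Group
    # Policy rules, and is dropped-packet logging enabled.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
                      AllowLocalFirewallRules, AllowLocalIPsecRules, LogBlocked, LogFileName
}

"Effective profile (Vista precedence rule): $(Get-EffectiveFirewallProfile)"
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory | Format-Table -AutoSize
Get-FirewallProfileReport | Format-Table -AutoSize

# Reclassify a connection as Private (administrative privileges required, as
# the text above notes). The interface alias is a placeholder.
# Set-NetConnectionProfile -InterfaceAlias 'Ethernet' -NetworkCategory Private
```

If AllowLocalFirewallRules shows False for the active profile, rules created in the local snap-in are ignored in that profile; that is the Group Policy rule-merging setting discussed further down.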

Common problems when running Windows Firewall with Advanced Security

The following are the main problems that occur when Windows Firewall with Advanced Security is running:

If traffic is blocked, first check whether the firewall is enabled and which profile is active. If an application is blocked, make sure that the Windows Firewall with Advanced Security snap-in has an active allow rule for it in the current profile. To check that an allow rule exists, expand the Monitoring node and select the Firewall section. If there is no active allow rule for the program, go to the relevant rules node and create a new rule for it: create a rule for a program or service, or specify the rule group that applies to this feature, and make sure that all rules in that group are enabled.

To verify that an allowing rule is not overridden by a blocking rule, follow these steps:

  1. In the Windows Firewall with Advanced Security snap-in tree, click the Monitoring node, and then select the Firewall section.
  2. Review the list of all active local and Group Policy rules. Block rules override allow rules, even when the allow rule is more specific.
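A way to work the two checks above from the defender’s side: turn on dropped-packet logging, read the firewall log to see which flows are actually being dropped, and then list the enabled inbound Block rules that would override an allow rule for that port, including whether each came from local policy or Group Policy. This is an added example, not code from the original article; it assumes Windows 8 or later, the log sample is constructed for the example, and only the logging line needs elevation.

```powershell
# Added example, not code from the original article. Assumes Windows 8 /
# Server 2012 or later. Only the Set-NetFirewallProfile line needs elevation.
# The log sample below is constructed for this example, not a real capture.

# 1. Make sure dropped packets are logged (per profile). The default log path
#    is %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log.
# Set-NetFirewallProfile -All -LogBlocked True `
#     -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 2. Parse the W3C-style log: a "#Fields:" header names the columns.
function ConvertFrom-FirewallLog {
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') { $fields = $Matches[1] -split '\s+'; continue }
        if ($line.StartsWith('#') -or [string]::IsNullOrWhiteSpace($line) -or -not $fields) { continue }
        $values = $line.Trim() -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }
}

# 3. Summarise drops by direction, protocol and destination port so the
#    blocked flow can be matched to a rule.
function Get-DropSummary {
    param([Parameter(Mandatory)][string[]]$Lines)
    ConvertFrom-FirewallLog -Lines $Lines |
        Where-Object { $_.action -eq 'DROP' } |
        Group-Object path, protocol, 'dst-port' |
        ForEach-Object {
            [pscustomobject]@{
                Direction = $_.Group[0].path       # RECEIVE = inbound, SEND = outbound
                Protocol  = $_.Group[0].protocol
                DstPort   = $_.Group[0].'dst-port'
                Count     = $_.Count
                Sources   = ($_.Group.'src-ip' | Sort-Object -Unique) -join ','
            }
        }
}

# 4. Enabled inbound Block rules that would override an Allow rule for a
#    given TCP/UDP port, with the source of each rule (Local or GroupPolicy).
function Find-OverridingBlockRules {
    param([Parameter(Mandatory)][int]$Port, [string]$Protocol = 'TCP')
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Block |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            ($pf.Protocol -eq $Protocol -or $pf.Protocol -eq 'Any') -and
            ($pf.LocalPort -eq 'Any' -or $pf.LocalPort -contains "$Port")   # port ranges ("1000-2000") are not expanded
        } |
        Select-Object DisplayName, Profile, PolicyStoreSourceType
}

# Constructed sample of a pfirewall.log.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-01 09:15:02 DROP TCP 192.168.1.20 192.168.1.10 51234 445 52 S 1234567 0 8192 - - - RECEIVE
2024-03-01 09:15:03 DROP TCP 192.168.1.20 192.168.1.10 51235 445 52 S 1234568 0 8192 - - - RECEIVE
2024-03-01 09:15:09 DROP UDP 192.168.1.10 10.0.0.5 49152 161 60 - - - - - - - SEND
2024-03-01 09:15:10 ALLOW TCP 192.168.1.10 93.184.216.34 49153 443 52 S 99 0 8192 - - - SEND
'@ -split "`r?`n"

Get-DropSummary -Lines $sampleLog | Format-Table -AutoSize
# For the inbound drops on TCP 445 in the sample:
Find-OverridingBlockRules -Port 445 -Protocol TCP | Format-Table -AutoSize
```

On the constructed sample the summary shows two inbound drops on TCP 445 from 192.168.1.20 and one outbound drop on UDP 161; if Find-OverridingBlockRules returns a rule whose PolicyStoreSourceType is GroupPolicy, the fix belongs in the GPO, not in the local snap-in.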

Group Policy prevents local rules from applying

If Windows Firewall with Advanced Security is configured through Group Policy, your administrator can specify whether firewall rules or connection security rules created by local administrators are applied. This is worth checking if you have configured local firewall rules or connection security rules that do not appear in the Monitoring section.

To determine why local firewall rules or connection security rules are missing from the Monitoring section, follow these steps:

  1. In the Windows Firewall with Advanced Security snap-in, click the Windows Firewall Properties link.
  2. Select the tab of the active profile.
  3. In the Settings section, click Customize.
  4. If local rules are applied, the settings in the Rule merging section will be active.

Rules that require secure connections may block traffic

When creating a firewall rule for incoming or outgoing traffic, one of the options is Allow only secure connections. If you select this option, you must have a corresponding connection security rule or a separate IPsec policy that defines which traffic is secure. Otherwise, this traffic is blocked.

To verify that one or more application rules require secure connections, follow these steps:

  1. In the Windows Firewall with Advanced Security snap-in tree, click the Inbound Rules section. Select the rule you want to check and click the Properties link in the console Actions pane.
  2. Select the General tab and check whether the Allow only secure connections radio button is selected.
  3. If the rule is set to Allow only secure connections, expand the Monitoring section in the snap-in tree and select the Connection Security Rules section. Make sure that the traffic defined in the firewall rule has a corresponding connection security rule.

Warning: If you have an active IPsec policy, make sure that policy protects the necessary traffic. Do not create connection security rules in addition to it, to avoid conflicts between the IPsec policy and connection security rules.
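The pairing the text requires, done in PowerShell: a connection security rule that demands IPsec for a port, the firewall rule with “Allow only secure connections” that depends on it, and an audit function that reports authenticated-only firewall rules whose port is not covered by any enabled connection security rule (the condition under which traffic is silently blocked). This is an added example, not code from the original article; it assumes Windows 8 or later, a domain-joined computer (Kerberos is the default IPsec authentication) and an elevated session, and the port and address range are placeholders.

```powershell
# Added example, not code from the original article. Assumes Windows 8 /
# Server 2012 or later, a domain-joined computer (Kerberos is the default
# IPsec authentication), and an elevated session. Port and address range are
# placeholders.
#Requires -RunAsAdministrator

$port  = 5986          # placeholder
$peers = '10.0.0.0/8'  # placeholder

# 1. Connection security rule: IPsec required for inbound traffic to the
#    port, requested for outbound. Without it, a firewall rule that demands
#    authentication has nothing to match and the traffic is blocked.
New-NetIPsecRule -DisplayName "Require IPsec for TCP $port" `
    -Protocol TCP -LocalPort $port -RemoteAddress $peers `
    -InboundSecurity Require -OutboundSecurity Request `
    -Profile Domain | Out-Null

# 2. Firewall rule with the wizard's "Allow only secure connections" option.
New-NetFirewallRule -DisplayName "TCP $port (authenticated only)" `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $port -RemoteAddress $peers `
    -Authentication Required `
    -Profile Domain | Out-Null

# 3. Audit: enabled inbound "secure connections only" firewall rules whose
#    local port is not covered by any enabled connection security rule.
function Get-UncoveredSecureRules {
    $ipsecPorts = @(Get-NetIPsecRule -Enabled True |
        Get-NetFirewallPortFilter |
        ForEach-Object { $_.LocalPort })
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object { ($_ | Get-NetFirewallSecurityFilter).Authentication -ne 'NotRequired' } |
        Where-Object {
            if ($ipsecPorts -contains 'Any') { return $false }   # a catch-all IPsec rule covers everything
            $rulePorts = @(($_ | Get-NetFirewallPortFilter).LocalPort)
            -not ($rulePorts | Where-Object { $ipsecPorts -contains $_ })
        } |
        Select-Object DisplayName, Profile
}
Get-UncoveredSecureRules | Format-Table -AutoSize
```

The audit only compares port lists, so a connection security rule scoped to a narrower address range than the firewall rule would still pass it; the Monitoring node’s Connection Security Rules view remains the place to confirm the address scope.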

Unable to allow outgoing connections

  1. In the Windows Firewall with Advanced Security snap-in tree, select the Monitoring section. Select the tab of the active profile and, in the Firewall Status section, check that outbound connections that do not match an allow rule are allowed.
  2. In the Monitoring section, select Firewall to make sure that the required outbound connections are not covered by block rules.

Mixed policies may block traffic

You can configure firewall and IPSec settings using various Windows interfaces.

Creating policies in multiple places can lead to conflicts and blocked traffic. The following setting points are available:

  • Windows Firewall with Advanced Security. This policy is configured using the snap-in of the same name, locally or as part of Group Policy. It defines firewall and IPsec settings on computers running Windows Vista.

  • Windows Firewall Administrative Template. This policy is configured using the Group Policy Object Editor in the section. This interface contains the Windows Firewall settings that were available before Windows Vista and is used to configure GPOs that manage earlier versions of Windows. Although these settings can be applied to computers running Windows Vista, we recommend using the Windows Firewall with Advanced Security policy instead, as it provides greater flexibility and security. Note that some domain profile settings are common to the Windows Firewall Administrative Template and the Windows Firewall with Advanced Security policy, so settings configured in the domain profile with the Windows Firewall with Advanced Security snap-in may appear here.

  • IPsec Policies. This policy is configured using the local IP Security Policy Management snap-in or the Group Policy Object Editor, in the Computer Configuration\Windows Configuration\Security Settings\IP Security Policies on “Local Computer” section. It defines IPsec settings that can be used both by earlier versions of Windows and by Windows Vista. This policy and the connection security rules defined in the Windows Firewall with Advanced Security policy should not be applied at the same time on the same computer.

To view all of these settings in the corresponding snap-ins, create your own Management Console and add the Windows Firewall with Advanced Security and IP Security snap-ins to it.

To create your own management console snap-in, follow these steps:

  1. Click Start, go to All Programs, then Accessories, and select Run.
  2. In the Open text box, type mmc and press ENTER.
  3. If the User Account Control dialog box appears, confirm the requested action and click Continue.
  4. On the Console menu, select Add or Remove Snap-in.
  5. In the Available snap-ins list, select Windows Firewall with Advanced Security and click Add.
  6. Click OK.
  7. Repeat steps 1 through 6 to add the Group Policy Management and IP Security Monitor snap-ins.

To check which policies are applied in the active profile, follow these steps:

  1. At the command prompt, type mmc and press ENTER.
  2. If the User Account Control dialog box appears, confirm the requested action and click Continue.
  3. On the Console menu, select Add or Remove Snap-in.
  4. In the Available snap-ins list, select Group Policy Management and click Add.
  5. Click OK.
  6. Expand a node in the tree (usually the forest in which the computer is located) and double-click Group Policy Results in the console details pane.
  7. Under Show policy settings for, select Current user or Another user. If you want to display only computer policy settings and not user policy settings, select Do not display user policy (only view computer policy) and click Next twice.
  8. Click Finish. The Group Policy Results Wizard generates a report in the console details pane. The report contains the Summary, Settings and Policy Events tabs.
  9. To verify that there is no conflict with IP security policies, after generating the report select the Settings tab and open Computer Configuration\Windows Configuration\Security Settings\IP Security Settings in the Active Directory directory service. If the last section is missing, no IP security policy has been set. Otherwise, the name and description of the policy and the GPO it belongs to are displayed. If you use an IP security policy and a Windows Firewall with Advanced Security policy with connection security rules at the same time, these policies may conflict. It is recommended to use only one of them. The best approach is to use IP security policies together with Windows Firewall with Advanced Security inbound or outbound rules. If settings are configured in different places and are inconsistent with each other, policy conflicts that are hard to resolve may arise.
  10. There may also be conflicts between policies defined in local Group Policy Objects and scripts configured by the IT department. Check all IP security policies using the IP Security Monitor program or by entering the following command at the command prompt:
  11. To view the settings defined in the Windows Firewall Administrative Template, expand Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall.
  12. To view the latest events related to the current policy, go to the Policy Events tab in the same console.
  13. To view the policy used by Windows Firewall with Advanced Security, open the snap-in on the computer you are diagnosing and review the settings under Monitoring.

To view the administrative templates, open the Group Policy snap-in and, in the Group Policy Results section, review whether there are settings inherited from Group Policy that may cause traffic to be rejected.

To view IP security policies, open the IP Security Monitor snap-in. Select the local computer in the tree. In the console Actions pane, select the Active Policy, Main Mode or Quick Mode link. Check for competing policies that may result in traffic being blocked.

In the Monitoring section of the Windows Firewall with Advanced Security snap-in, you can view the existing rules from both local and Group Policy. For more information, see the section “Using the monitoring feature in the Windows Firewall with Advanced Security snap-in” of this document.

To stop the IPSec Policy Agent, follow these steps:

  1. Click Start and select Control Panel.
  2. Click System and Maintenance and select Administrative Tools.
  3. Double-click Services. If the User Account Control dialog box appears, click Continue.
  4. Find IPsec Policy Agent in the list of services.
  5. If the IPsec Policy Agent service is running, right-click it and select Stop. You can also stop the IPsec Policy Agent service from the command line using the command

Peer-to-peer policy may cause traffic to be rejected

For connections that use IPsec, both computers must have compatible IP security policies. These policies can be defined using Windows Firewall with Advanced Security connection security rules, the IP Security Policy snap-in, or another IP security provider.

To check IP security policy settings on a peer-to-peer network, follow these steps:

  1. In the Windows Firewall with Advanced Security snap-in, select the Monitoring node and then Connection Security Rules to make sure that an IP security policy is configured on both network hosts.
  2. If one of the computers on the peer-to-peer network is running a version of Windows earlier than Windows Vista, make sure that at least one of the main mode cipher suites and one of the quick mode cipher suites use algorithms supported by both hosts.
     1. Click the Main Mode section, select the connection to test in the console details pane, then click the Properties link in the console Actions pane. Review the connection properties for both hosts to ensure they are compatible.
     2. Repeat step 2.1 for the Quick Mode section. Review the connection properties for both hosts to ensure they are compatible.
  3. If you are using Kerberos version 5 authentication, make sure the host is in the same domain or a trusted domain.
  4. If you are using certificates, make sure the required boxes are selected. Certificates used with Internet Key Exchange (IKE) IPsec require a digital signature. Certificates used with Authenticated Internet Protocol (AuthIP) require client authentication (depending on the server’s authentication type). For more information about AuthIP certificates, see the article AuthIP in Windows Vista on the Microsoft website.

Windows Firewall with Advanced Security cannot be configured

Windows Firewall with Advanced Security settings are grayed out in the following cases:

  • The computer is connected to a centrally managed network, and the network administrator uses Group Policy to configure Windows Firewall with Advanced Security settings. In this case, the top of the Windows Firewall with Advanced Security snap-in shows the message “Some settings are controlled by Group Policy.” Your network administrator configures the policy, which prevents you from changing Windows Firewall settings.

  • A computer running Windows Vista is not connected to a centrally managed network, but Windows Firewall settings are defined by local Group Policy.

To change Windows Firewall with Advanced Security settings using Local Group Policy, use the snap-in Local Computer Policy. To open this snap-in, enter secpol at the command prompt. If the User Account Control dialog box appears, confirm the requested action and click Continue. Go to Computer Configuration\Windows Configuration\Security Settings\Windows Firewall with Advanced Security to configure Windows Firewall with Advanced Security policy settings.

The computer does not respond to ping requests

The main way to test connectivity between computers is to use the Ping utility to test connectivity to a specific IP address. During a ping, an ICMP echo message (also known as an ICMP echo request) is sent and an ICMP echo reply is expected in return. By default, Windows Firewall blocks incoming ICMP echo messages, so the computer cannot send an ICMP echo reply.

Allowing incoming ICMP echo messages will let other computers ping your computer. On the other hand, it also exposes the computer to attacks that use ICMP echo messages. It is therefore recommended to allow incoming ICMP echo messages only temporarily, when needed for troubleshooting, and to disable them again afterwards.

To allow ICMP echo messages, create new inbound rules that allow ICMPv4 and ICMPv6 echo request packets.

To allow ICMPv4 and ICMPv6 echo requests, follow these steps:

    In the Windows Firewall with Advanced Security snap-in tree, select the Inbound Rules node and click the New Rule link in the Actions pane.

    Select Custom and click Next.

    Select All programs and click Next.

    In the Protocol type drop-down list, select ICMPv4.

    Click the Customize button next to ICMP Protocol Settings.

    Select Specific ICMP types, check the Echo Request box, click OK, and then click Next.

    At the step for selecting the local and remote IP addresses to which this rule applies, choose either Any IP address or These IP addresses. If you choose These IP addresses, specify the required IP addresses, click Add, and then click Next.

    Select Allow the connection and click Next.

    At the profile selection step, select one or more profiles (domain, private or public) in which the rule should apply and click Next.

    In the Name field, enter the name of the rule, and in the Description field an optional description. Click Finish.

    Repeat the above steps for the ICMPv6 protocol, selecting ICMPv6 instead of ICMPv4 in the Protocol type drop-down list.

If you have active connection security rules, temporarily exempting ICMP from the IPsec requirements may help resolve problems. To do this, open the Properties dialog box in the Windows Firewall with Advanced Security snap-in, go to the IPsec Settings tab, and set the Exempt ICMP from IPsec option to Yes in the drop-down list.

Note

Windows Firewall settings can only be changed by administrators and network operators.

Unable to share files and printers

If you can't share files and printers on a computer with Windows Firewall active, make sure that all rules in the File and Printer Sharing group are enabled for the active profile. In the Windows Firewall with Advanced Security snap-in, select the Inbound Rules node and scroll the list of rules to the File and Printer Sharing group. Select each disabled rule and click Enable Rule in the Actions pane.

Attention:

It is strongly recommended not to enable file and printer sharing on computers that are directly connected to the Internet, as attackers may try to access shared files and harm you by damaging your personal files.

Windows Firewall cannot be administered remotely

If you are unable to remotely administer a computer with Windows Firewall active, make sure that all rules in the default Windows Firewall Remote Management group are enabled for the active profile. In the Windows Firewall with Advanced Security snap-in, select the Inbound Rules node and scroll the list of rules to the Windows Firewall Remote Management group. Make sure these rules are enabled. Select each disabled rule and click Enable Rule in the Actions pane. Additionally, make sure that the IPsec Policy Agent service is running; this service is required for remote management of Windows Firewall.

To verify that the IPSec Policy Agent is running, follow these steps:

    Click Start and select Control Panel.

    Click System and Maintenance and select Administrative Tools.

    Double-click the Services icon.

    If the User Account Control dialog box appears, enter the credentials of a user with the appropriate permissions and click Continue.

    Find the IPsec Policy Agent service in the list and make sure its status is "Running".

    If the IPsec Policy Agent service is stopped, right-click it and select Start from the context menu. You can also start the service from the command prompt with the command net start policyagent.

Note

By default, the IPsec Policy Agent service is started. It should be running unless it has been stopped manually.

Windows Firewall Troubleshooters

The following subsections describe tools and techniques that can be used to solve common problems.

Use monitoring features in Windows Firewall with Advanced Security

The first step in solving Windows Firewall problems is to review the current rules. The Monitoring node lets you view the rules in effect from both local and Group Policy. To view the current inbound and outbound rules, select Monitoring in the Windows Firewall with Advanced Security snap-in tree, and then select Firewall. In this node you can also view the current connection security rules and security associations (Main Mode and Quick Mode).

Enable and use security auditing using the auditpol command-line tool

By default, auditing is disabled. To configure it, use the auditpol.exe command-line tool, which changes the audit policy settings on the local computer. Auditpol can enable or disable auditing for different categories of events, which can then be reviewed in the Event Viewer snap-in.

    To view a list of categories supported by auditpol, enter at the command prompt:

    To view a list of subcategories included in a given category (for example, the Policy Change category), enter at the command prompt:

    auditpol.exe /list /category:"Policy Change"

    To enable auditing of a category or subcategory, enter at the command prompt (CategoryName and SubcategoryName are placeholders for the names listed below):

    auditpol.exe /set /category:"CategoryName" /subcategory:"SubcategoryName" /success:enable /failure:enable

For example, to enable success and failure auditing for a category and one of its subcategories, enter the following command:

auditpol.exe /set /category:"Policy Change" /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable /failure:enable

The audit categories and their subcategories relevant to Windows Firewall are:

    Policy Change
        MPSSVC Rule-Level Policy Change
        Filtering Platform Policy Change

    Logon/Logoff
        IPsec Main Mode
        IPsec Quick Mode
        IPsec Extended Mode

    System
        IPsec Driver
        Other System Events

    Object Access
        Filtering Platform Packet Drop
        Filtering Platform Connection

For security audit policy changes to take effect, you must restart the local computer or force a manual policy update. To force a policy update, enter at the command prompt:

secedit /refreshpolicy <policy_name>

After diagnostics are complete, you can disable event auditing by replacing the enable parameter in the above commands with disable and running the commands again.

View security audit events in the event log

After you enable auditing, use Event Viewer to view audit events in the Security Event Log.

To open Event Viewer in the Administrative Tools folder, follow these steps:

    Click Start.

    Select Control Panel. Click System and Maintenance and select Administrative Tools.

    Double-click the Event Viewer icon.

To add Event Viewer to the MMC, follow these steps:

    Click Start, go to All Programs, then Accessories, and select Run.

    In the Open text field, enter mmc and press ENTER.

    If the User Account Control dialog box appears, confirm the requested action and click Continue.

    On the Console menu, select Add or Remove Snap-in.

    In the Available snap-ins list, select Event Viewer and click Add.

    Click OK.

    Before closing the snap-in, save the console for future use.

In the Event Viewer snap-in, expand the Windows Logs section and select the Security node. Security audit events are shown in the console work area: all events are listed at the top, and clicking an event there displays its details at the bottom of the pane. The General tab shows a plain-text description of the event. The Details tab offers two display options: Friendly View and XML View.

Configure the firewall log for a profile

Before you can view firewall logs, you must configure Windows Firewall with Advanced Security to generate log files.

To configure logging for a Windows Firewall with Advanced Security profile, follow these steps:

    In the Windows Firewall with Advanced Security snap-in tree, select Windows Firewall with Advanced Security and click Properties in the Actions pane.

    Select the tab of the profile for which you want to configure logging (domain profile, private profile, or public profile), and then click Customize in the Logging section.

    Specify the name and location of the log file.

    Specify the maximum log file size (from 1 to 32767 kilobytes).

    In the Log dropped packets drop-down list, select Yes.

    In the Log successful connections drop-down list, select Yes, and then click OK.

View firewall log files

Open the file you specified during the previous procedure, “Configuring the Firewall Log for a Profile.” To access the firewall log, you must have local administrator rights.

You can view the log file using Notepad or any text editor.

Analyzing Firewall Log Files

The information recorded in the log is described below, field by field. Some data is present only for certain protocols (TCP flags, ICMP type and code, and so on), and some only for dropped packets (size).

    Date. The year, month and day on which the event was recorded, written as YYYY-MM-DD, where YYYY is the year, MM is the month, and DD is the day.

    Time. The hour, minute and second at which the event was recorded, written as HH:MM:SS, where HH is the hour in 24-hour format, MM is the minute, and SS is the second.

    Action. The action performed by the firewall. The possible actions are OPEN, CLOSE, DROP and INFO-EVENTS-LOST. INFO-EVENTS-LOST indicates that several events occurred but were not logged.

    Protocol. The protocol used for the connection. For packets that do not use TCP, UDP or ICMP, this field can instead hold the protocol number.

    Source IP. The IP address of the sending computer.

    Destination IP. The IP address of the receiving computer.

    Source port. The source port number of the sending computer, an integer from 1 to 65535. A real source port value is shown for TCP and UDP only; for other protocols "-" is written.

    Destination port. The port number of the destination computer, an integer from 1 to 65535. A real destination port value is shown for TCP and UDP only; for other protocols "-" is written.

    Size. The packet size in bytes.

    TCP flags. The TCP control flags found in the TCP header of the packet:

        Ack. Acknowledgment field significant
        Fin. No more data from sender
        Psh. Push function
        Rst. Reset the connection
        Syn. Synchronize sequence numbers
        Urg. Urgent Pointer field significant

    A flag is denoted by the first capital letter of its name; for example, Fin is written as F.

    TCP sequence number. The TCP sequence number in the packet.

    TCP acknowledgment number. The TCP acknowledgment number in the packet.

    TCP window size. The TCP window size of the packet in bytes.

    ICMP type. A number representing the Type field of an ICMP message.

    ICMP code. A number representing the Code field of an ICMP message.

    Info. Information that depends on the action performed. For example, for INFO-EVENTS-LOST this field holds the number of events that occurred but were not logged since the last event of this type.

Note

A hyphen (-) is written in any field of a record that carries no information.
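Reading the log by hand works for a handful of lines, but a troubleshooting session usually produces thousands. The parser below is an added example, not code from the original article: it reads the column order from the "#Fields:" header that Windows Firewall writes at the top of the log, turns "-" into a missing value as the note above describes, expands the TCP flag letters, and tallies DROP entries per destination port together with any INFO-EVENTS-LOST counts. The sample log lines are constructed for illustration.

```python
"""Parse Windows Firewall log entries and summarise dropped traffic.
Added example, not part of the original article. Column names come from the
'#Fields:' header; the sample lines are constructed, not from a real host."""
from collections import Counter

# Constructed sample in the layout Windows Firewall with Advanced Security writes.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-05-21 10:22:18 DROP TCP 192.168.1.5 192.168.1.10 49152 445 52 S 123456 0 8192 - - - RECEIVE
2009-05-21 10:22:19 DROP TCP 192.168.1.5 192.168.1.10 49153 445 52 S 123457 0 8192 - - - RECEIVE
2009-05-21 10:22:20 DROP ICMP 192.168.1.5 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
2009-05-21 10:22:21 OPEN TCP 192.168.1.10 93.184.216.34 49200 443 - - - - - - - - SEND
2009-05-21 10:22:25 INFO-EVENTS-LOST - - - - - - - - - - - - 17 -
"""

# Fields the article describes as numbers; everything else stays a string.
INTEGER_FIELDS = {"src-port", "dst-port", "size", "tcpsyn", "tcpack",
                  "tcpwin", "icmptype", "icmpcode"}
# The log writes the first capital letter of each TCP flag name.
TCP_FLAG_NAMES = {"A": "Ack", "F": "Fin", "P": "Psh", "R": "Rst", "S": "Syn", "U": "Urg"}

def parse_firewall_log(text):
    """Return one dict per entry; '-' (no information) becomes None."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order comes from the header
            continue
        if not line.strip() or line.startswith("#"):
            continue                           # blank line or other header line
        if fields is None:
            raise ValueError("log entry seen before the #Fields header")
        values = line.split()
        values += ["-"] * (len(fields) - len(values))   # tolerate truncated lines
        record = {}
        for name, raw in zip(fields, values):
            if raw == "-":
                record[name] = None
            elif name in INTEGER_FIELDS:
                record[name] = int(raw)
            else:
                record[name] = raw
        records.append(record)
    return records

def decode_tcp_flags(flags):
    """Expand a tcpflags value such as 'SA' into ['Syn', 'Ack']."""
    return [TCP_FLAG_NAMES[c] for c in (flags or "")]

def summarise_drops(records):
    """Count DROP entries per (protocol, destination port) and total lost events."""
    drops, lost = Counter(), 0
    for rec in records:
        if rec["action"] == "DROP":
            drops[(rec["protocol"], rec["dst-port"])] += 1
        elif rec["action"] == "INFO-EVENTS-LOST" and rec["info"] is not None:
            lost += int(rec["info"])           # info holds the count of unlogged events
    return drops, lost
```

A non-zero lost count means the log is incomplete for that period, so a service that "never appears" in the DROP tally may simply have been missed.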

Creating netstat and tasklist text files

You can create two custom log files, one to view network statistics (a list of all listening ports) and another to view service and application task lists. The task list contains the process identifier (PID) for events contained in the network statistics file. The procedure for creating these two files is described below.

To create text files of network statistics and a task list, follow these steps:

    At the command prompt, enter netstat -ano > netstat.txt and press the key ENTER.

    At the command prompt, enter tasklist > tasklist.txt and press the key ENTER. If you need to create a text file with a list of services, enter tasklist /svc > tasklist.txt.

    Open the tasklist.txt and netstat.txt files.

    Find the code of the process you are diagnosing in the tasklist.txt file and compare it with the value contained in the netstat.txt file. Record the protocols used.

Example of Tasklist.txt and Netstat.txt output

Netstat.txt
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:XXX 0.0.0.0:0 LISTENING 122
TCP 0.0.0.0:XXXXX 0.0.0.0:0 LISTENING 322
Tasklist.txt
Image Name PID Session Name Session# Mem Usage
==================== ======== ================ =========== ============
svchost.exe 122 Services 0 7,172 K
XzzRpc.exe 322 Services 0 5,104 K

Note

The real IP addresses are changed to "X" and the RPC service is changed to "z".
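The comparison step above (find the PID in tasklist.txt, then look up the same PID in netstat.txt) is easy to script. The following is an added example, not code from the original article: it parses both files in the layout the two tools print, keeps only listening sockets, and reports for each PID its image name and the ports it owns, flagging PIDs that are absent from tasklist.txt. Both inputs are constructed for illustration, since the article's own sample is anonymised.

```python
"""Correlate 'netstat -ano' listening sockets with 'tasklist' image names by PID.
Added example, not part of the original article. Both inputs are constructed in
the layout the Windows tools print."""
import re

NETSTAT_TXT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49200     93.184.216.34:443      ESTABLISHED     2312
  TCP    [::]:5357              [::]:0                 LISTENING       4096
  UDP    0.0.0.0:3702           *:*                                    1204
"""

TASKLIST_TXT = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Services                   0        728 K
svchost.exe                    880 Services                   0      7,172 K
svchost.exe                   1204 Services                   0      5,104 K
chrome.exe                    2312 Console                    1     85,240 K
"""

# One tasklist row: image name, PID, session name, session number, memory usage.
TASKLIST_ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")

def parse_netstat(text):
    """Return one dict per socket line; UDP lines carry no State column."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue                                   # header, title or blank line
        state = parts[3] if len(parts) == 5 else ""
        local_addr, local_port = parts[1].rsplit(":", 1)   # also handles [::]:port
        sockets.append({"proto": parts[0], "local_addr": local_addr,
                        "local_port": int(local_port), "foreign": parts[2],
                        "state": state, "pid": int(parts[-1])})
    return sockets

def parse_tasklist(text):
    """Return a PID -> image name mapping; header and separator rows do not match."""
    rows = (TASKLIST_ROW.match(line) for line in text.splitlines())
    return {int(m.group("pid")): m.group("image") for m in rows if m}

def listeners_by_pid(netstat_text, tasklist_text):
    """Map each listening PID to its image name and the (proto, port) pairs it owns.
    Established client sockets are skipped; a PID absent from tasklist (the process
    exited between the two captures) is reported as '<unknown>'."""
    images = parse_tasklist(tasklist_text)
    result = {}
    for sock in parse_netstat(netstat_text):
        if sock["proto"] == "TCP" and sock["state"] != "LISTENING":
            continue
        entry = result.setdefault(sock["pid"], {"image": images.get(sock["pid"], "<unknown>"),
                                                "ports": set()})
        entry["ports"].add((sock["proto"], sock["local_port"]))
    return result
```

An "<unknown>" entry is worth a second look: either the process exited between the two captures, or the listener belongs to something tasklist did not show.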

Make sure essential services are running

The following services must be running:

    Base Filtering Engine

    Group Policy Client

    IKE and AuthIP IPsec Keying Modules

    IP Helper

    IPsec Policy Agent

    Network Location Awareness

    Network List Service

    Windows Firewall

To open the Services snap-in and verify that the required services are running, follow these steps:

    Click Start and select Control Panel.

    Click System and Maintenance and select Administrative Tools.

    Double-click the Services icon.

    If the User Account Control dialog box appears, enter the credentials of a user with the appropriate permissions and click Continue.

    Make sure the services listed above are running. If one or more of them is not running, right-click the service name in the list and select Start.

Additional way to solve problems

As a last resort, you can restore the Windows Firewall settings to their defaults. Restoring the defaults discards every setting made since Windows Vista was installed, which may cause some programs to stop working. Also, if you are managing the computer remotely, the connection to it will be lost.

Before restoring default settings, make sure that you have saved your current firewall configuration. This will allow you to restore your settings if necessary.

Below are the steps to save your firewall configuration and restore the default settings.

To save the current firewall configuration, follow these steps:

    In the Windows Firewall with Advanced Security snap-in, click the Export Policy link in the Actions pane.

To restore your firewall settings to default, follow these steps:

    In the Windows Firewall with Advanced Security snap-in, click the Restore Defaults link in the Actions pane.

    When Windows Firewall with Advanced Security prompts you, click Yes to restore the default values.

Conclusion

There are many ways to diagnose and resolve problems with Windows Firewall with Advanced Security. Among them:

    Using the Monitoring node to view firewall actions, connection security rules, and security associations.

    Analyzing security audit events related to Windows Firewall.

    Creating tasklist and netstat text files for comparative analysis.

Currently, many antivirus solutions come with their own firewall. When such a solution is installed, the firewall built into Windows is disabled to avoid conflicts. There are also antiviruses without a built-in firewall, for example Microsoft Security Essentials; with these it is desirable to keep the built-in firewall or install a separate third-party one. By default, the firewall in Windows 7 is enabled and configured for general use, which suits most users, as do most pre-installed solutions. Here we will look at how to increase the security of our computers by specifying which traffic to allow and which to block.

To manage the firewall, you first need to open it. Use Windows 7 search: open the Start menu, start typing "Firewall", and select the plain Windows Firewall (not the one with Advanced Security).

On the left side of the window, select Turn Windows Firewall on or off.

In the window that opens, you can disable or enable the firewall for the network you have selected or for all at once.

If you know the program and need to give it access, then check the boxes on which networks to allow communication and click Allow access. By default, the checkbox is in the network you are currently on.

After that, you need to turn off the Windows Firewall service. Use the search from the Start menu again.

In the window that opens, go to the Services tab, find Windows Firewall, uncheck its box and click OK.

In the window that opens, you can allow the program to connect through the firewall on the corresponding network.

If the program you need is not available, then using the Allow another program... button you can easily add it.

It is not possible to block a program's access to the Internet here. (At least it didn't work for me: I unchecked µTorrent and it still downloads.)

In the window for allowing programs, you can experiment and not worry that the browser will not have access to the Internet (my case). Everything can be returned back using the Restore Defaults function.

By default everything should work fine.

Blocking outgoing traffic

If we want to achieve greater security, then one of the possible options would be to block outgoing traffic completely and set permissions for the programs and services we need. It should be noted here that an outgoing connection is considered to be one that was initiated by a program on your computer. That is, if your browser requests any page on the Internet and this page is sent to your computer, this is an outgoing connection.

To do this, select Advanced settings in the Firewall window.

In order to block all outgoing connections, you need to select Windows Firewall with Advanced Security in the left column and click Properties in the right column.

In the window that opens, go to the tab for the network in question (public network: public profile; home network: private profile). In the Outbound connections section, select Block from the drop-down menu. Click OK or Apply.

For greater security, you can block outgoing connections on both networks.

Permission for programs

After blocking outbound connections, we need to give Internet access to the programs we use, for example the Google Chrome browser. To do this, select Outbound Rules on the left and, in the Actions column on the right, click New Rule...

In the wizard that opens, select Program and click Next.

Specify the path to the program:

%SystemRoot%\System32\svchost.exe

since Windows Update runs under this process. In the Services section, click Customize...

In the window that opens, select Apply to this service and pick Windows Update in the list (short name wuauserv). Click OK.