Windows Vista Firewall with Advanced Security

When you think of Windows Firewall, you probably think of the half-baked attempt at a Firewall that was present in XP SP2. You may also still think of it as inferior to many of the free Firewall solutions available because Windows Firewall doesn't support Outbound filtering.

Well, think again - Windows Firewall has been reborn and a lot of work has gone into making it a notable security feature of Vista. Not only does it now have Inbound and Outbound filtering, it also has the concept of Network Profiles, Computer Connection Security rules, Monitoring, and a awesome new UI which will give you FAR more control of the Firewall - "Windows Firewall with Advanced Security".

Windows Firewall with Advanced Security is a new and enhanced version of Windows Firewall. It's a stateful host-based firewall that allows or blocks network traffic according to its configuration and the applications that are currently running to provide a level of protection from malicious users and programs on a network. The new Windows Firewall includes enhancements for better protection and more advanced configuration.



Don't worry, for the non-techy the old XP SP2 UI is still available by running "firewallsettings.exe" (though it has also received a few notable improvements), and there is even a new overview UI for the Firewall which you can see by running "Firewall.cpl" (or by accessing it through control panel. These UI's are more suited to the non-techy user who only needs to see their firewall status (on/off, etc) or wants to enable/disable pre-defined rule groups such as "Remote Desktop". They can also use this UI to quickly add very-basic Firewall rules.

For the more tech-savy user, there is the Windows Firewall with Advanced Security UI. It is an MMC snap-in, which you can access by running "mmc.exe" and then adding it, or by directly running "wf.msc". The first thing that you will notice is that this UI gives you FAR more detail about your Firewall status and rules than ever before. Most notably, you will also see a sections for Inbound and Outbound rules, which is a first for Windows Firewall.

Some of the new features include:


  • Computer Connection Security (CCS) Rules - Connection security rules force a bilateral authentication between systems before a connection can be established.

  • Monitoring - Monitoring is extremely useful if you want to see exactly which Firewall rules are being enforced at any given time.

  • Windows Service Hardening - Prevent attackers from exploiting Windows Services. Any abnormalities that are detected will be blocked.

  • Inbound/Outbound Filtering - Outbound traffic, as well as inbound traffic, can be filtered.

  • Granular Rules - More granular rules can be configure for inbound and outbound filtering.

  • Firewall Profiles - Rules can be created for different profiles. Firewall profiles include: private, public and domain. So for example, you can have a different set of Firewall rules active when you are in a less secure network environment such as at airport or starbucks.

  • Authenticated Bypass Rules - Rules can be bypassed for specific computers that have been authenticated.

  • Active Directory support - The firewall can filter based on Active Directory account information.

  • IPv6 - Provides support for IPv6.


There is really too much to go into in this small article, so I just recommend that you explore the new Windows Firewall and see for yourself what an improvement it is. You can also read a lot more about Windows Firewall with Advanced Security here.

If you want to start scripting the Windows Firewall with Advanced Security from a command line, you will want to look into the new netsh context "netsh advfirewall" which understands the new network profiles and features.