How To Turn On the Internet Connection Firewall Feature in Windows Server 2003

Applies to: Microsoft Windows Server 2003 Enterprise Edition (32-bit x86); Microsoft Windows Server 2003 Enterprise Edition for Itanium-based Systems; Microsoft Windows Server 2003 Standard Edition (32-bit x86)


Microsoft Windows Server 2003 provides Internet security in the form of a firewall, known as the Internet Connection Firewall (ICF). This feature is designed for home and small business use and provides protection for computers directly connected to the Internet. This feature is available for local area network (LAN) or dial-up connections. It also prevents scanning of ports and resources (file and printer shares) from external sources. This article discusses how to turn on (enable) the ICF feature to provide Internet security for your computer.


Turn On Internet Connection Firewall

The Internet Connection Firewall is useful if you want to protect a dial-up connection when you dial directly into an Internet service provider (ISP), or to protect a LAN connection that is connected to an asymmetric digital subscriber line (ADSL) or cable modem.

To turn on the ICF feature, follow these steps:
  1. Click Start, point to Settings, click Control Panel, and then double-click Network Connections.
  2. Right-click the connection that you want, and then click Properties on the shortcut menu that appears.
  3. Click the Advanced tab, and then click to select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.
  4. Click Settings.
  5. In the Services list, click to select the check boxes of services on the computer to which you want to permit external access (if that is what you want).

    NOTE: By default, no services are selected. This is known as a default deny stance. You must explicitly permit external access to the computer.
  6. If you want to open a port that is not displayed in the Services list, follow these steps:
    1. Click Add.
    2. Type a descriptive name for the service in the Description of service box.
    3. Type the host name or IP address of the computer to which you want to forward these packets in the Name or IP address (for example of the computer hosting this service on your network box.
    4. In the External Port number for this service box, type the port number that the external host (the host computer that tries to access your computer from the Internet) will use to access the service.
    5. In the Internal Port number for this service box, type the same port number if you want to forward the packets to the same port on the destination computer, or type a different port number if you want to redirect the port to a different port.
    6. If the connection does not use Transmission Control Protocol (TCP), click UDP.
    7. Click OK.
  7. Click the Security Logging tab.
  8. Under Logging Options, click to select the Log dropped packets check box if you want to log unsuccessful attempts to access the computer.
  9. Click to select the Log successful connections check box if you want to create a log file of successful access to your computer through the firewall.
  10. Click the ICMP tab.
  11. Click to select the check boxes of the Internet Control Message Protocol (ICMP) echo request and response packets that you want to permit. When you select an item in the list, a description of that item is displayed at the bottom of the Advanced Settings dialog box under Description.

    NOTE: For the most secure environment, do not select any of the check boxes.
  12. Click OK two times.
  13. Close the Network Connections window.
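
Once Log dropped packets is selected (steps 7 through 9), the resulting log can be reviewed for sources that were refused on several different ports. The following Python script is an added example, not part of the original article: it assumes the W3C-style field layout that ICF writes to its log file, and the log lines and addresses in it are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log; addresses come from documentation ranges.
# Assumption: header and #Fields layout as ICF writes them (not shown in the article).
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-06-01 10:15:01 DROP TCP 198.51.100.7 203.0.113.10 4312 135 48 S 1210 0 16384 - - -
2003-06-01 10:15:02 DROP TCP 198.51.100.7 203.0.113.10 4313 139 48 S 1211 0 16384 - - -
2003-06-01 10:15:03 DROP TCP 198.51.100.7 203.0.113.10 4314 445 48 S 1212 0 16384 - - -
2003-06-01 10:16:40 OPEN TCP 192.0.2.25 203.0.113.10 3051 80 - - - - - - - -
2003-06-01 10:17:05 DROP UDP 198.51.100.99 203.0.113.10 1026 137 78 - - - - - - -
2003-06-01 10:17:09 DROP ICMP 198.51.100.99 203.0.113.10 - - 60 - - - - 8 0 -
"""

def parse_log(text):
    """Yield one dict per log entry, keyed by the names on the #Fields: line."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # ignore truncated or malformed lines
                yield dict(zip(fields, values))

def dropped_by_source(text):
    """Map each source IP to the set of (protocol, dst-port) pairs that were dropped."""
    hits = defaultdict(set)
    for entry in parse_log(text):
        if entry["action"] == "DROP":
            hits[entry["src-ip"]].add((entry["protocol"], entry["dst-port"]))
    return dict(hits)

def likely_scanners(text, min_ports=3):
    """Return sources dropped on at least min_ports distinct destination ports."""
    return sorted(
        src for src, targets in dropped_by_source(text).items()
        if len({port for _, port in targets if port != "-"}) >= min_ports
    )

if __name__ == "__main__":
    for src, targets in sorted(dropped_by_source(SAMPLE_LOG).items()):
        print(src, sorted(targets))
    print("possible port scans:", likely_scanners(SAMPLE_LOG))
```

To run it against a real log, read the file into a string and pass it to likely_scanners in place of SAMPLE_LOG; the min_ports threshold is an arbitrary starting value.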


For more information about the ICF feature in Windows Server 2003, click Start, and then click Help and Support. Type firewall in the Search box, and then press ENTER to view the topics returned.

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

281336 How To Determine Which Program Uses or Blocks Specific Transmission Control Protocol Ports in Windows
308123 Internet Programs May Not Work as Expected with the Internet Connection Firewall Enabled
307554 Programs Require Manual Port Configurations with Internet Connection Firewall
310456 How to Use Portqry to Troubleshoot Active Directory Connectivity Issues