How To Turn On the Internet Connection Firewall Feature in Windows Server 2003
back to the top
Turn On Internet Connection FirewallThe Internet Connection Firewall is useful if you want to protect a dial-up connection when you dial directly into an Internet service provider (ISP), or to protect a LAN connection that is connected to an asymmetric digital subscriber line (ADSL) or cable modem.
To turn on the ICF feature, follow these steps:
- Click Start, point to Settings, click Control Panel, and then double-click Network Connections.
- Right-click the connection that you want, and then click Properties on the shortcut menu that appears.
- Click the Advanced tab, and then click to select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.
- Click Settings.
- In the Services list, click to select the check boxes of services on the computer to which you want to permit external access (if that is what you want).
NOTE: By default, no services are selected. This is known as a default deny stance. You must explicitly permit external access to the computer.
- If you want to open a port that is not displayed in the Services list, follow these steps:
- Click Add.
- Type a descriptive name for the service in the Description of service box.
- Type the host name or IP address of the computer to which you want to forward these packets in the Name or IP address (for example 192.168.0.12) of the computer hosting this service on your network box.
- In the External Port number for this service box, type the port number that the external host (the host computer that tries to access your computer from the Internet) will use to access the service.
- In the Internal Port number for this service box, type the same port number if you want to forward the packets to the same port on the destination computer, or type a different port number if you want to redirect the port to a different port.
- If the connection does not use Transport Control Protocol (TCP), click UDP.
- Click OK.
- Click the Security Logging tab.
- Under Logging Options, click to select the Log dropped packets check box if you want to log unsuccessful attempts to access the computer.
- Click to select the Log successful connections check box if you want to create a log file of successful access to your computer through the firewall.
- Click the ICMP tab.
- Click to select the check boxes of the Internet Control Message Protocol (ICMP) echo request and response packets that you want to permit. When you select an item in the list, a description of that item is displayed at the bottom of the Advanced Settings dialog box under Description.
NOTE: For the most secure environment, do not select any of the check boxes.
- Click OK two times.
- Close the Network Connections window.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
Artikelnummer: 317530 – Letzte Überarbeitung: 07/15/2004 16:00:57 – Revision: 5.1
- kbsecurityservices kbhowto kbhowtomaster KB317530