Description of a FirewallNote
A firewall is designed to help protect your computer from attack by malicious users or by malicious software such as viruses that use unsolicited incoming network traffic to attack your computer. Before you disable your firewall, you must disconnect your computer from all networks, including the Internet.
A firewall is a system that is designed to prevent unauthorized access to or from a private network. You can implement firewalls in hardware, software, or both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks that are connected to the Internet.back to the top Different Types of Firewalls
Different firewalls use different techniques. Most firewalls use two or more of the following techniques:
- Packet filters: A packet filter looks at each packet that enters or leaves the network and accepts or rejects the packet based on user-defined rules. Packet filtering is fairly effective and transparent, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
- Application gateway: An application gateway applies security mechanisms to specific programs, such as FTP and Telnet. This technique is very effective, but can cause performance degradation.
- Circuit-layer gateway: This technique applies security mechanisms when a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established. After the connection has been established, packets can flow between the hosts without further checking.
- Proxy server: A proxy server intercepts all messages that enter and leave the network. The proxy server effectively hides the true network addresses.
- Application proxies: Application proxies have access to the whole range of information in the network stack. This permits the proxies to make decisions based on basic authorization (the source, the destination, and the protocol), and also to filter offensive or disallowed commands in the data stream. Application proxies are "stateful," meaning that they keep the "state" of connections inherently. The Internet Connection Firewall feature that is included in Windows XP is a "stateful" firewall, as well as Windows Firewall. Windows Firewall is included in Windows XP Service Pack 2 (SP2).
For additional information about the Windows XP Internet Connection Firewall feature, click the article number below to view the article in the Microsoft Knowledge Base:
320855back to the top Possible Issues
Description of the Windows XP Internet Connection Firewall
Some programs and services may not function as expected behind a firewall. Some of the problems that you may experience are:
- You may receive "Page cannot be displayed" error messages in Microsoft Internet Explorer, or you may not be able to access Web-based e-mail messages, streaming audio, streaming video, or other Web-based content. By default most firewalls are configured to permit basic Internet connectivity. However, some firewalls may prevent typical Internet access, or may prevent access to other content would be accessible without the firewall. Incorrectly configured firewalls can prevent typical Internet access.
- You may not be able to share files and printers, or you may not be able to connect to other computers on your local area network (LAN). Firewalls can (and typically do) block this type of access to prevent unauthorized users on the Internet from gaining access to your LAN's resources. If you use firewall software on computers that are part of the same LAN, these types of problems can occur.
- You may not be able to play some multiplayer or Internet games. Different games use different ports for accessing the Internet. Your firewall may block these ports by default. You may have to configure your firewall to permit the game to function, or you may not be able to play the game from behind a firewall.
For additional information about troubleshooting these and other possible issues, click the article numbers below to view the articles in the Microsoft Knowledge Base:
How to Manually Open Ports in Internet Connection Firewall in Windows XP
HOW TO: Enable or Disable Internet Connection Firewall in Windows XP
Description of the Windows Messenger Reverse Connection Process Used by Remote Assistance
How to Configure Windows XP ICS for an Internal PPTP Server
DirectX: Ports Required to Play on a Network
Internet Connection Firewall Can Prevent Browsing and File Sharing
"Ping: Transmit Failed, Error Code 65" Error Message When You Attempt to Ping Another Computer
Firewalls and Ports Used by Windows Media Services
Service Redirection Does Not Apply to Internet Connection Firewall
Supported Connection Scenarios for Remote Assistance
Remote Assistance May Not Work if Internet Connection Firewall Is Enabled
Internet Connection Firewall Does Not Block Internet Protocol Version 6 Traffic
308324back to the top REFERENCES
Norton Personal Firewall 2.5 and Internet Security 3.0 Do Not Work in Windows XP
For additional information about assessing whether you need a firewall at home, visit the following Microsoft Press Web site:back to the top