Using a Command-Line Interface
The following command allows an application named FOO using TCP port 11065 to traverse
the Windows Firewall. It restricts FOO to the local subnet, and configures it for the standard
profile:
> netsh firewall add portopening protocol=TCP port=11065 name=FOO mode=ENABLE scope=SUBNET profile=STANDARD
Using Group Policy
Tables 3-7 and 3-8 contain the Group Policy settings that create port exceptions in the domain
and standard profiles respectively.
Table 3-7. Configure Port Exceptions—Domain Profile
Path: Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
Policy name: Windows Firewall: Define port exceptions
Value: Enabled to configure a list of port exceptions. Disabled to remove any exceptions previously configured by Group Policy.
Table 3-8. Configure Port Exceptions—Standard Profile
Path: Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile
Policy name: Windows Firewall: Define port exceptions
Value: Enabled to configure a list of port exceptions. Disabled to remove any exceptions previously configured by Group Policy.
Using the Registry
To configure an individual computer to allow an application called FOO using TCP port 11065
to traverse the Windows Firewall, set the following Registry value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"11065:TCP":reg_sz:"11065:TCP:*:Enabled:FOO"
Note: To restrict FOO traffic to the local subnet, change the "11065:TCP" reg_sz value to
11065:TCP:LocalSubNet:Enabled:FOO.
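The port-exception value shown above packs port, protocol, scope, mode and name into one colon-separated string, which makes it easy to audit for exceptions left open to any source address. The following Python sketch is an added example, not part of the original text: the function names are hypothetical, the sample values are constructed, and it assumes the display name contains no colon.

```python
# Added example: audit Windows Firewall port-exception values.
# Value layout taken from the page: port:protocol:scope:mode:name
from typing import NamedTuple

class PortException(NamedTuple):
    port: int
    protocol: str
    scope: str
    enabled: bool
    name: str

def parse_port_exception(value: str) -> PortException:
    """Parse one value such as '11065:TCP:*:Enabled:FOO'."""
    try:
        port, protocol, rest = value.split(":", 2)
        # Split mode and name from the right so a scope list stays whole.
        # Assumption: the display name itself contains no colon.
        scope, mode, name = rest.rsplit(":", 2)
    except ValueError:
        raise ValueError(f"not a port exception value: {value!r}") from None
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {value!r}")
    if protocol.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad protocol in {value!r}")
    if mode.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad mode in {value!r}")
    return PortException(int(port), protocol.upper(), scope,
                         mode.lower() == "enabled", name)

def open_to_any_source(values):
    """Return enabled exceptions whose scope is '*' (any source address)."""
    found = []
    for value in values:
        exc = parse_port_exception(value)
        if exc.enabled and exc.scope.strip() == "*":
            found.append(exc)
    return found

# Constructed sample values, not taken from a real host.
SAMPLE_VALUES = [
    "11065:TCP:*:Enabled:FOO",
    "11065:TCP:LocalSubNet:Enabled:FOO",
    "5000:UDP:*:Disabled:BAR",
    "8443:TCP:192.168.10.0/255.255.255.0,LocalSubNet:Enabled:BAZ",
]

if __name__ == "__main__":
    for exc in open_to_any_source(SAMPLE_VALUES):
        print(f"{exc.port}/{exc.protocol} '{exc.name}' accepts any source")
```

Of the four sample values, only the first is reported: it is enabled and its scope is `*`, whereas the others are either scoped or disabled.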