Information Technology Reference
In-Depth Information
How It Works
When you are working with a multi-homed Windows Server 2003 computer, you may need to
enable or disable the Windows Firewall on a per-interface basis, rather than globally for the
entire server. You may wish to enable unfettered connectivity on a private network, for example,
or you may have a hardware-based firewall protecting the NIC attached to a public network
such as the Internet. Even if this is the case, however, the Windows Firewall is able to coexist
with third-party products, and might still be a useful tool to provide “defense in depth” for your
Windows Server 2003 computers, since the Windows Firewall will take effect before any third-
party applications you've installed.
When working from the command line, you cannot use the
profile=
or
exceptions=
parameters in conjunction with the
interface=
parameter. To configure exceptions for an indi-
vidual interface, you can use the
netsh firewall set portopening
command, which we will
discuss in the next recipe.
See Also
Recipe 3-1 for more on enabling and disabling the Windows Firewall
Microsoft TechNet: “Help: Understanding Windows Firewall Exceptions”
(
http://technet2.microsoft.com/WindowsServer/en/Library/
7a19b261-840a-449e-b2b3-38b136d7bd591033.mspx
)
3-17. Enabling Per-Interface Inbound Connectivity
Problem
You want to configure the Windows Firewall to allow external users to connect to the local
computer.
Solution
Using a Graphical User Interface
1.
Open the Network Connections applet.
2.
Double-click on the Local Area Connection icon.
3.
From the Advanced tab, click Settings. This will launch the Windows Firewall Control
Panel applet.
4.
From the Advanced tab, select the interface that should be listening for inbound traffic
in the Network Connections Settings section. Click Settings to configure the applica-
tions that this interface should be listening for connections on.
