Information Technology Reference
In-Depth Information
How It Works
When you are working with a multi-homed server—a server containing more than one network
interface card (NIC) and attached to more than one network segment—you may have Windows
Firewall exceptions that are only applicable to a particular interface.
For example, you may have a Windows Server 2003 that is attached to a private network as
well as the Internet, on which you've installed the Internet Information Server (IIS) to host your
company's public website. In this case, the NIC that is connected to the Internet should be
configured to listen for unsolicited incoming requests on the HTTP port, TCP port 80. However,
you may wish to restrict access to this port to the public-facing NIC only, while the NIC attached
to your private network should not accept unsolicited HTTP traffic. In this case, you'll need to
configure only the Internet-connected NIC with an exception for the HTTP port; this exception
should not apply to the NIC attached to the private network.
Because this is a common reason to enable per-connection Windows Firewall settings,
the Windows Firewall Control Panel applet allows you to easily select several preconfigured
services for per-connection exceptions, including the FTP service, telnet server service, IMAP,
SMTP, and HTTP/HTTPS for Web traffic.
See Also
Recipe 3-7 for more on configuring ICMP exceptions
Microsoft TechNet: “Help: Add a System Service to the Windows Firewall
Exceptions List” (
http://technet2.microsoft.com/WindowsServer/en/Library/
34cfba8e-d564-4a8c-9f4c-58120bed441d1033.mspx
)
3-18. Configuring Firewall Logging
Problem
You want to control how the Windows Firewall logs information on a Windows Server 2003
computer.
Solution
Using a Graphical User Interface
1.
Open the Network Connections applet.
2.
Double-click on the Local Area Connection icon.
3.
From the Advanced tab, click Settings. This will launch the Windows Firewall Control
Panel applet.
4.
From the Advanced tab, click the Settings button in the Security Logging section.
