Windows Firewall with Advanced Security in Server 2008 allows for extended configuration and fine-tuning compared to the Server 2003 Windows Firewall.
Some of the new features include:
- New GUI Interface
- Bi-directional filtering
- IPSec-like rules and more advanced options in general
One of the differences between Windows Firewall and Windows Firewall with Advanced Security (WFAS) is that the old Windows Firewall only allowed you to configure a single profile of rules. WFAS comes with three profiles that group rules together based on the current connection status. The three default profiles are Public, Private, and Domain. Each profile lets you take a set of inbound and outbound rules and apply that group of firewall rules to your server based on the server's connection to the network (e.g. the corporate LAN vs. the Internet).
While this may seem over-complicated at first, it really is a simple way to apply different firewall rule sets depending on the server’s current connection.
The majority of servers will use the Public profile, as they are publicly accessible on the Internet. Compare this to a server at your office which is not publicly accessible: that server would typically use the Private or Domain profile, with many ports open to allow various programs to communicate. If you suddenly needed to connect that server to the Internet directly, you could have a stricter Public firewall profile which only allows essential ports, protecting the server further compared to the Private or Domain profiles.
- The public profile is applied whenever a computer is connected to a public network.
- The private profile is applied whenever a computer is connected only to a private network and is not part of an Active Directory domain.
- The domain profile is applied whenever a computer is connected only to a private network and is part of an Active Directory domain.
To determine which profile WFAS is using, open WFAS by going to Start > Administrative Tools > Windows Firewall with Advanced Security.
The overview section tells you which profile is currently active (e.g. "Public Profile is Active").
In this example, the Public Profile is marked as the Active profile. Only the rules in the Public Profile would be applied at this time.
You cannot manually set which profile the server uses. The profile is determined by the network connection the server is using at that time. If your server is connected to both a Public and a Private network, it still uses only the Public profile, as this is typically more strict for a publicly facing server.
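The same check can be scripted. The following is an added example, not part of the original article: it reads the active profile through the `HNetCfg.FwPolicy2` COM interface and lists the enabled inbound allow rules that actually apply under that profile. It assumes PowerShell is installed on the server; the variable names are illustrative.

```powershell
# Added example (not from the original article): report the active WFAS
# profile and the enabled inbound allow rules that apply to it.
# Assumes PowerShell is installed and the HNetCfg.FwPolicy2 COM class
# (Windows Vista / Server 2008 and later) is available.

$profileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }  # profile bit values
$actionNames  = @{ 0 = 'Block';  1 = 'Allow' }                  # NET_FW_ACTION values

$fw     = New-Object -ComObject HNetCfg.FwPolicy2
$active = $fw.CurrentProfileTypes    # bitmask of the profile(s) in effect

foreach ($bit in 1, 2, 4) {
    if (($active -band $bit) -eq 0) { continue }   # profile not active

    "{0} Profile is Active" -f $profileNames[$bit]
    "  Firewall enabled : {0}" -f $fw.FirewallEnabled($bit)
    "  Default inbound  : {0}" -f $actionNames[[int]$fw.DefaultInboundAction($bit)]
    "  Default outbound : {0}" -f $actionNames[[int]$fw.DefaultOutboundAction($bit)]

    # Only rules whose Profiles bitmask includes the active profile apply.
    $applied = @($fw.Rules | Where-Object {
        $_.Enabled -and
        $_.Direction -eq 1 -and          # 1 = inbound
        $_.Action    -eq 1 -and          # 1 = allow
        ($_.Profiles -band $bit)
    })

    "  Enabled inbound allow rules in effect: {0}" -f $applied.Count
    $applied | Sort-Object Name |
        Format-Table Name, Protocol, LocalPorts, RemoteAddresses -AutoSize
}
```

When the Public profile is the active one, the resulting rule list is the set to review against the ports the server is meant to expose.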