Comments on: Windows 7 multiple active firewall profiles http://4sysops.com/archives/windows-7-multiple-active-firewall-profiles/ For Windows Administrators Fri, 19 Mar 2010 19:02:26 +0000 http://wordpress.org/?v=abc hourly 1 By: Wilbur Parker http://4sysops.com/archives/windows-7-multiple-active-firewall-profiles/comment-page-1/#comment-142870 Wilbur Parker Sun, 29 Nov 2009 16:59:46 +0000 http://4sysops.com/?p=2509#comment-142870 Searching for this for some time now, Thank you. Searching for this for some time now, Thank you.

]]> By: Anon http://4sysops.com/archives/windows-7-multiple-active-firewall-profiles/comment-page-1/#comment-125294 Anon Wed, 18 Mar 2009 02:19:47 +0000 http://4sysops.com/?p=2509#comment-125294 This is a definitely an interesting topic to cover, but I think that the Multiple Active Firewall Profiles feature has been misunderstood. It seems that this article is demonstrating the "Windows Firewall with Advanced Security" feature that allows users to configure (per-profile) whether or not each network interface should be protected by Windows Firewall. This is useful in situations where you only want Firewall to be active if your interface is connected to a certain type of network (e.g. protect my wireless interface when I am connected to a Public network, but not when I am connected to a Domain network). This is useful, but it is not the same as Multiple Active Firewall Profiles. In Windows Vista only one firewall profile could be active at any time. This meant that even if you were connected to a "private" network and a "public" network on the same machine, the overall firewall policy being enforced on the machine was "public" (public is selected because it is meant to be the more secure profile of the two). For example, say my computer has: A Wired interface connected to Private network and A Wireless interface connected to Public network On both interfaces the "public" firewall rules would be applied. This isn't ideal because it means that to get things working correctly on my wired (private) network I might need to add firewall rules to the "public" profile...but then those rules will also apply to the wireless (public) network too...which I may not want! In Windows 7 this behavior has been much improved due to a new feature called "Multiple Active Firewall Profiles". With the new behavior you will see that Firewall is now capable of enforcing different profile policies on each interface! If you take the same example as above, the behavior in Windows 7 will be to enforce the "Private" profile firewall policy on the wired interface, and it will enforce the "Public" profile firewall policy on the wireless interface. This is a really great improvement because it means that you can keep your Public networks secured with a restrictive firewall policy while at the same time applying a less-restrictive policy to your private network. This is a definitely an interesting topic to cover, but I think that the Multiple Active Firewall Profiles feature has been misunderstood.

It seems that this article is demonstrating the “Windows Firewall with Advanced Security” feature that allows users to configure (per-profile) whether or not each network interface should be protected by Windows Firewall. This is useful in situations where you only want Firewall to be active if your interface is connected to a certain type of network (e.g. protect my wireless interface when I am connected to a Public network, but not when I am connected to a Domain network). This is useful, but it is not the same as Multiple Active Firewall Profiles.

In Windows Vista only one firewall profile could be active at any time. This meant that even if you were connected to a “private” network and a “public” network on the same machine, the overall firewall policy being enforced on the machine was “public” (public is selected because it is meant to be the more secure profile of the two).

For example, say my computer has:

A Wired interface connected to Private network
and
A Wireless interface connected to Public network

On both interfaces the “public” firewall rules would be applied. This isn’t ideal because it means that to get things working correctly on my wired (private) network I might need to add firewall rules to the “public” profile…but then those rules will also apply to the wireless (public) network too…which I may not want!

In Windows 7 this behavior has been much improved due to a new feature called “Multiple Active Firewall Profiles”. With the new behavior you will see that Firewall is now capable of enforcing different profile policies on each interface!

If you take the same example as above, the behavior in Windows 7 will be to enforce the “Private” profile firewall policy on the wired interface, and it will enforce the “Public” profile firewall policy on the wireless interface. This is a really great improvement because it means that you can keep your Public networks secured with a restrictive firewall policy while at the same time applying a less-restrictive policy to your private network.

]]> By: Michael Pietroforte http://4sysops.com/archives/windows-7-multiple-active-firewall-profiles/comment-page-1/#comment-125175 Michael Pietroforte Sun, 15 Mar 2009 13:11:09 +0000 http://4sysops.com/?p=2509#comment-125175 Samantha, thanks! William, thanks! I was unsure when I wrote the article, but I didn't find a clarifying description on the web. I corrected the article now. Samantha, thanks!

William, thanks! I was unsure when I wrote the article, but I didn’t find a clarifying description on the web. I corrected the article now.

]]> By: William http://4sysops.com/archives/windows-7-multiple-active-firewall-profiles/comment-page-1/#comment-125171 William Sun, 15 Mar 2009 09:08:06 +0000 http://4sysops.com/?p=2509#comment-125171 AFAIK, public = public; private = home+work; domain is applied automatically when a domain controller of the domain the workstation belongs to is detected on the network. AFAIK, public = public; private = home+work; domain is applied automatically when a domain controller of the domain the workstation belongs to is detected on the network.

]]> By: Samantha http://4sysops.com/archives/windows-7-multiple-active-firewall-profiles/comment-page-1/#comment-125062 Samantha Thu, 12 Mar 2009 09:49:55 +0000 http://4sysops.com/?p=2509#comment-125062 If you have a small company and need an all in one solution that I would look at something like unified threat managment also known as a UTM.Cyberoam firewall is the only UTM firewall that embeds user identity in firewall rule matching criteria, enabling enterprises to configure policies and identify users directly by the username rather than through IP addresses. Cyberoam?s powerful hardware firewall provides stateful and deep packet inspection, access control, user authentication, network and application-level protection. The ICSA-certified Cyberoam firewall is available along with VPN, gateway anti-virus and anti-spyware, gateway anti-spam, intrusion prevention system, content filtering, bandwidth management and multiple link management, providing comprehensive security to small, medium and large enterprises, including remote and branch offices. Cyberoam is a Check Mark Level 5 certified UTM solution. Key Features 1.Stateful Inspection Firewall 2.Centralized management for multiple security features 3.Embeds user identity in rule-matching criteria 4.Multiple zone security 5.Granular IM, P2P controls 6.ICSA certified If you have a small company and need an all in one solution that I would look at something like unified threat managment also known as a UTM.Cyberoam firewall is the only UTM firewall that embeds user identity in firewall rule matching criteria, enabling enterprises to configure policies and identify users directly by the username rather than through IP addresses. Cyberoam?s powerful hardware firewall provides stateful and deep packet inspection, access control, user authentication, network and application-level protection.

The ICSA-certified Cyberoam firewall is available along with VPN, gateway anti-virus and anti-spyware, gateway anti-spam, intrusion prevention system, content filtering, bandwidth management and multiple link management, providing comprehensive security to small, medium and large enterprises, including remote and branch offices. Cyberoam is a Check Mark Level 5 certified UTM solution.

Key Features

1.Stateful Inspection Firewall
2.Centralized management for multiple security features
3.Embeds user identity in rule-matching criteria
4.Multiple zone security
5.Granular IM, P2P controls
6.ICSA certified

]]> By: 4sysops - Windows 7 multiple active bfirewall/b profiles | Software Downloads http://4sysops.com/archives/windows-7-multiple-active-firewall-profiles/comment-page-1/#comment-125024 4sysops - Windows 7 multiple active bfirewall/b profiles | Software Downloads Wed, 11 Mar 2009 17:03:05 +0000 http://4sysops.com/?p=2509#comment-125024 [...] Read more here:  4sysops - Windows 7 binary astir bfirewall/b profiles [...] [...] Read more here:  4sysops – Windows 7 binary astir bfirewall/b profiles [...]

]]> By: 4sysops - Windows 7 multiple active firewall profiles | WinSe7en http://4sysops.com/archives/windows-7-multiple-active-firewall-profiles/comment-page-1/#comment-125015 4sysops - Windows 7 multiple active firewall profiles | WinSe7en Wed, 11 Mar 2009 15:04:11 +0000 http://4sysops.com/?p=2509#comment-125015 [...] networks at once time and enforce the proper firewall settings on each. See the original post at: 4sysops - Windows 7 multiple active firewall profiles Tags: Firewall Categories: WebLinks Views: 1 views Posted By: Joe Last Edit: 11 Mar 2009 [...] [...] networks at once time and enforce the proper firewall settings on each. See the original post at: 4sysops – Windows 7 multiple active firewall profiles Tags: Firewall Categories: WebLinks Views: 1 views Posted By: Joe Last Edit: 11 Mar 2009 [...]

]]>