Windows Firewall with Advanced Security and IPsec

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Windows Firewall with Advanced Security is an advanced interface for IT professionals to use to configure both Windows Firewall and Internet Protocol security (IPsec) settings for the computers on their networks. Windows Firewall with Advanced Security is not for home users or for users who are not familiar with advanced firewall or IPsec technologies.

Note

Home users should use the Windows Firewall program in Control Panel instead. To start the Windows Firewall program, click Start, click Control Panel, click Security, and then click Windows Firewall. Help for using the Windows Firewall program can be found either by pressing the F1 key while viewing the main Windows Firewall page or by clicking the links on the Windows Firewall dialog boxes.

This topic describes the documentation currently available for Windows Firewall with Advanced Security in Windows Vista®, Windows Server® 2008, Windows® 7, and Windows Server® 2008 R2. Additional documentation is in development, so check back periodically to see what has been added.

Your feedback is valuable and welcome! Please send your comments and suggestions to Windows Firewall with Advanced Security Documentation Feedback (wfasdoc@microsoft.com). The author of this guide will review your comments and use them to improve this documentation. Your e-mail address will not be saved or used for any other purposes.

Product Evaluation

  • What's New in Windows Firewall with Advanced Security

    This document identifies new Windows Firewall with Advanced Security features introduced in Windows 7 and Windows Server 2008 R2, as well as features that were introduced with Windows Vista and Windows Server 2008.

  • Introduction to Windows Firewall with Advanced Security

    Windows Firewall with Advanced Security is a stateful, host-based firewall that blocks incoming and outgoing connections according to the rules configured by an administrator.

  • Introduction to Server and Domain Isolation

    You can mitigate some of the risks associated with unauthorized and potentially malicious access to your network and its resources by creating an isolated network. By using Active Directory® Domain Services (AD DS) and Group Policy settings, you can isolate both your domain and servers that store sensitive data, thus limiting access to only authenticated and authorized users.

  • Server Isolation with Microsoft Windows Explained

    This topic provides a detailed overview of server isolation. It explains how server isolation protects isolated servers and the benefits of deploying server isolation. It also provides a brief overview of how to deploy server isolation.

  • Domain Isolation with Microsoft Windows Explained

    This white paper provides a detailed overview of domain isolation. It explains how domain isolation protects domain member computers and the benefits of deploying domain isolation. It also provides a brief overview of how to deploy domain isolation.

Getting Started

Getting Started documents are designed to help you get the technology up and running in the minimum amount of time.

  • Windows Firewall with Advanced Security Learning Roadmap

    If you are new to Windows Firewall with Advanced Security, this topic can help you identify what you need to learn to fully understand and use all of the features available in Windows Firewall with Advanced Security. It includes prerequisite topics that cover a variety of networking fundamentals. You must understand the prerequisite topics first, because the topics for Windows Firewall with Advanced Security build upon them and assume an understanding of them. Afterwards, you can begin learning about Windows Firewall with Advanced Security by reading the documents in the Level 100, 200, and 300 sections.

  • Windows Firewall with Advanced Security Getting Started Guide

    Although typical end-user configuration of Windows Firewall still takes place through the Windows Firewall program in Control Panel, advanced configuration now takes place in the Microsoft Management Console (MMC) snap-in named Windows Firewall with Advanced Security. This snap-in provides an advanced interface not only for configuring Windows Firewall locally, but also for configuring Windows Firewall on remote computers by using Group Policy. Firewall settings are now integrated with IPsec settings, allowing for some synergy: Windows Firewall can now allow traffic based on whether it is secured by IPsec.

  • Windows Firewall and IPsec Policy Deployment Step-by-Step Guide

    This step-by-step guide describes how to deploy Group Policy objects (GPOs) to configure Windows Firewall with Advanced Security in Windows® 7, Windows Vista®, Windows Server® 2008 R2, and Windows Server® 2008. You get hands-on experience in a lab environment using Group Policy Management tools to create and edit GPOs that implement typical firewall settings. You also configure GPOs to implement common server and domain isolation scenarios. This document is also available as a Word .doc file in the Microsoft Download Center at Windows Firewall with Advanced Security Step-by-Step Guide - Deploying Firewall Policies (https://go.microsoft.com/fwlink/?LinkID=102503).

Planning and Architecture

Deployment

Operations

Operations content provides procedures that help you in performing the day-to-day tasks that keep your implementation running smoothly.

Technical Reference

Troubleshooting

Troubleshooting documentation helps you solve problems that arise when you try to deploy, manage, or use Windows Firewall with Advanced Security.

Installed Help

Installed Help is available when you open any of the following Microsoft Management Consoles (MMCs), and then press F1: Windows Firewall with Advanced Security, IP Security Policies, and IP Security Monitor. The installed Help provides information about how to use and configure Windows Firewall with Advanced Security and IPsec.

  • Windows Firewall with Advanced Security (for Windows Vista and Windows Server 2008)

    Windows Firewall with Advanced Security (for Windows 7 and Windows Server 2008 R2)

    The Authfw.chm file is installed with Windows. It is displayed when you open the Windows Firewall with Advanced Security MMC snap-in and press F1.

  • Creating and Using IPsec Policies

    The Ipsecpolicy.chm file is installed with Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. It is displayed when you open the IP Security Policies MMC snap-in and press F1.

Note

The IP Security Policies snap-in is designed for use with earlier versions of Windows and is provided for backward compatibility. Although it can be used to create IPsec policies that can be applied to computers running Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, this snap-in does not support the new security algorithms and other new features available in those newer versions of Windows. To create IPsec policies that use these new algorithms and features, use the Windows Firewall with Advanced Security snap-in.

  • Monitoring IPsec

    The Ipsecmonitor.chm file is installed with Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. It is displayed when you open the IP Security Monitor MMC snap-in and press F1.

Note

The IP Security Monitor snap-in is designed for use with IPsec policies created by the IP Security Policy Management MMC snap-in. It is designed for earlier versions of Windows and is provided for backward compatibility. This snap-in does not support the new security algorithms and other new features available in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. To monitor IPsec when using these new algorithms, use the Monitoring node in the Windows Firewall with Advanced Security snap-in.

Other Information

Windows Firewall and IPsec documentation for earlier versions of Windows