Share via

Creating Rules that Allow Required Inbound Network Traffic

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

By default, Windows Firewall with Advanced Security blocks all unsolicited inbound network traffic. To enable programs that depend on such traffic to run correctly, such as network services, you must create rules with specified criteria.


One of the most important improvements in Windows Vista and Windows 7, enabled by the integration of IPsec and the Windows Firewall, is the ability to create inbound firewall rules that only allow traffic that is authenticated, optionally encrypted, or authorized by the requesting user or computer being a member of an allowed group. These advanced inbound rule types are discussed as part of the server isolation scenario found later in this guide. Also, when network traffic is protected by IPsec and meets your criteria, you can choose to configure an inbound rule to override a block rule that would otherwise have blocked the network traffic. This scenario is discussed in the authenticated bypass scenario found later in this guide.

Steps for creating rules that allow required inbound network traffic

In this section of the guide, you create firewall rules that allow specific types of unsolicited inbound network traffic through the firewall.

Step 1: Configuring Predefined Rules by Using Group Policy

Step 2: Allowing Unsolicited Inbound Network Traffic for a Specific Program

Step 3: Allowing Inbound Traffic to a Specified TCP or UDP Port

Step 4: Allowing Inbound Network Traffic that Uses Dynamic RPC

Step 5: Viewing the Firewall Log

Next topic: Step 1: Configuring Predefined Rules by Using Group Policy