Partager via


Application Compatibility: Networking: Windows Firewall Enabled by Default on Windows Server 2008

Networking: Windows Firewall Enabled by Default on Windows Server 2008

Feature Impact

Moderate

Brief Description

Windows Firewall is on by default. This setting means that the application installers need to be aware of the ports that the application uses so that these firewall ports are explicit opened, or to turn off Windows Firewall (recommended only if another firewall is installed).

On Windows Server® 2008, server roles and optional components are aware of the firewall and will plumb firewall rules automatically upon installation. Conversely, the same components and roles will remove their firewall rules when they are uninstalled.

Manifestation

Legacy application installers might break because dependent TCP/IP ports will not be open by default.

Legacy applications might break after installation because dependent TCP/IP ports will not be open by default. On Windows Vista®, client applications will prompt the user for a decision to allow or to keep blocking the application. On Windows Server 2008, there is no such prompt. Instead, a security audit event is logged to signal that an application was blocked.

Remedies

For legacy application installers, the ports need to be explicitly opened by an administrator, or turn Windows Firewall off.

Administrators can leverage:

  • The netsh advfirewall context to work with firewall rules from scripts.

  • Security Configuration Wizard templates to configure their servers only

Developers can leverage:

  • The INetFwPolicy2 Firewall APIs to integrate their installers with the Windows Firewall with Advanced Security.

INetFwPolicy2 Interface

Unattended Installation Settings Reference

See Also

Concepts

Application Compatibility