The built-in Windows Firewall, first known
as the Internet Connection Firewall (ICF), is part of Windows XP and
Windows Server 2003. Service Pack 2 (SP2) for Windows XP and Service
Pack 1 (SP1) for Windows Server 2003 improved the firewall and renamed
it the Windows Firewall.
Do not confuse the built-in Windows Firewall with Microsoft Internet
Security and Acceleration (ISA) Server. ISA is a software-based firewall
that can be installed on Windows Server 2003 or Windows 2000 Server.
Microsoft sells it separately. Unlike the host-based Windows Firewall,
ISA Server is a full-featured firewall that provides stateful filtering,
application layer filtering, egress as well as ingress filtering, and
many other enterprise-level features. It can also be used as a web
proxy. Third-party add-ins are available to expand the services it
offers.
1. Internet Connection Firewall (ICF)
The Windows Server 2003 built-in firewall is not
enabled by default. Installation of SP1 will not change this. The
firewall can be enabled and configured to provide rudimentary protection
for the server. Enabling the firewall does not turn on logging.
To enable and configure the ICF, begin by clicking Start and selecting
the Control Panel. Double-click
Network Connections. Right-click the network connection to be shared and
select Properties. Select the Advanced tab and click "Protect my
computer and network by limiting or preventing access to this computer
from the Internet," as shown in Figure 1.
Click the Settings button. If you must provide
access to services on the private network or on this host, select the
service and enter the IP address of the server where the service
resides. Click OK. Click the Security Logging tab and select "Log
dropped packets" and/or "Log successful connections." If required,
change log file options, as shown in Figure 2.
"Log file options" include the Name options (the name of the firewall
log file and the path to its location) and a "Size limit" in kilobytes.
If the log file reaches the limit set in the "Size limit" box, a new
firewall log file is created. Click OK.
Select the ICMP tab. Click to select ICMP options from those shown in Figure 3 if ICMP communications are permitted. Click OK twice to close network settings.
If you need to provide a service connection that is not listed by default on the Advanced Settings Services page, as shown in Figure 4, you can configure a custom service definition.
To do so, select the Services page. Click the Add
button and enter a description of the service. In the Service Settings
page shown in Figure 5, enter the computer name or IP address of the computer on which the service will run.
Enter a value in the "External port number for
this service" field and click TCP or UDP. Enter a value in the "Internal
port number for this service" field. When you have finished, click OK.
Now that you have enabled ICF and
customized some of the service settings, it is time to examine some of
the modifications that have been introduced with the service packs.