This commit is contained in:
Paolo Matarazzo
2023-11-14 10:29:15 -05:00
parent aeb6d8b9f0
commit 6f8b11e0e3
6 changed files with 40 additions and 59 deletions

View File

@ -1,11 +1,11 @@
---
title: Best practices for configuring Windows Firewall
description: Learn about best practices for configuring Windows Firewall
title: Recommendations for configuring Windows Firewall
description: Learn about best practices for configuring Windows Firewall.
ms.date: 11/10/2023
ms.topic: best-practice
---
# Best practices for configuring Windows Firewall
# Recommendations for configuring Windows Firewall
Windows Firewall provides host-based, two-way network traffic filtering and blocks unauthorized network traffic flowing into or out of the local device. Configuring your Windows Firewall based on the following best practices can help you optimize protection for devices in your network.
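Review bot: the rename to "Recommendations" is only half applied in this hunk: the description still reads "Learn about best practices for configuring Windows Firewall." and the body paragraph under the new H1 still says "based on the following best practices", and `ms.topic: best-practice` also still reflects the old title. Either update the description and the opening sentence to "recommendations" as well, or keep "best practices" in the title so the three agree.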
@ -45,9 +45,6 @@ The rule-adding task can be accomplished by right-clicking either **Inbound Rule
![Rule creation wizard.](images/fw02-createrule.png)
> [!NOTE]
>This article doesn't cover step-by-step rule configuration. See the [Windows Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) for general guidance on policy creation.
In many cases, allowing specific types of inbound traffic is required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when allowing these inbound exceptions:
1. Explicitly defined allow rules take precedence over the default block setting
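Review bot: removing the NOTE leaves the rule-creation wizard paragraph without any pointer to step-by-step rule configuration; the deleted note was the only link from this article to the Windows Firewall with Advanced Security Deployment Guide. Either keep a link to wherever that guidance now lives, or confirm the deployment guide was retired together with this reference so readers are not sent to a dead page by other articles.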
@ -195,7 +192,7 @@ When creating an inbound or outbound rule, you should specify details about the
## Configure Windows Firewall rules with WDAC tagging policies
Windows Firewall now supports the use of Windows Defender Application Control (WDAC) Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can now be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration:
Windows Firewall supports the use of Windows Defender Application Control (WDAC) Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration:
### Step 1: Deploy WDAC AppId Tagging Policies
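Review bot: dropping "now" is right for a shipped feature, but the same sentence keeps "without using absolute path", which should be "absolute paths" (or "an absolute path"); fix it while this line is being touched.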

View File

@ -1,8 +1,8 @@
---
title: Configure the Windows Defender Firewall Log
description: Learn how to configure Windows Defender Firewall with Advanced Security to log dropped packets or successful connections by using Group Policy Management MMC.
ms.topic: conceptual
ms.date: 09/07/2021
description: Learn how to configure Windows Firewall to log dropped packets or successful connections with Microsoft Intune and group policy.
ms.topic: how-to
ms.date: 11/14/2023
---
# Configure Windows Firewall logging
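Review bot: the new description names Microsoft Intune and group policy only, while the list of configuration methods later in this file (the next hunk) also carries PowerShell; if PowerShell stays a documented method on this page, the description should mention it, and if it is being dropped, the description is right and the list must match. Changing `ms.topic` to `how-to` fits a procedural page.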
@ -11,7 +11,6 @@ To configure Windows Firewall to log dropped packets or successful connections,
- Microsoft Intune/MDM
- Group policy with the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in
- PowerShell
[!INCLUDE [tab-intro](../../../../../includes/configure/tab-intro.md)]
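Review bot: this hunk removes exactly one line from the list of configuration methods, and the only candidate is "- PowerShell". If PowerShell is intentionally no longer documented here, make sure the "### Configure Windows Firewall with PowerShell" section (its heading appears in the later hunk of this file) is removed in the same change; otherwise either the heading is orphaned or the list is incomplete.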
@ -54,25 +53,18 @@ Once the policy is applied, restart the device.
Once the policy is applied, restart the device.
1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
2. In the details pane, in the **Overview** section, click **Windows Defender Firewall Properties**.
3. For each network location type (Domain, Private, Public), perform the following steps.
1. Click the tab that corresponds to the network location type
2. Under **Logging**, click **Customize**
3. The default path for the log is **%windir%\system32\logfiles\firewall\pfirewall.log**. If you want to change this path, clear the **Not configured** check box and type the path to the new location, or click **Browse** to select a file location
1. In the details pane, in the **Overview** section, click **Windows Defender Firewall Properties**.
1. For each network location type (Domain, Private, Public), perform the following steps.
1. Click the tab that corresponds to the network location type
1. Under **Logging**, click **Customize**
1. The default path for the log is **%windir%\system32\logfiles\firewall\pfirewall.log**. If you want to change this path, clear the **Not configured** check box and type the path to the new location, or click **Browse** to select a file location
> [!IMPORTANT]
> The location you specify must have permissions assigned that permit the Windows Defender Firewall service to write to the log file.
5. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this size, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a ize. The file won't grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
6. No logging occurs until you set one of following two options:
- To create a log entry when Windows Defender Firewall drops an incoming network packet, change **Log dropped packets** to **Yes**
- To create a log entry when Windows Defender Firewall allows an inbound connection, change **Log successful connections** to **Yes**
7. Click **OK** twice
#### [:::image type="icon" source="../../../images/icons/windows-os.svg" border="false"::: **Registry**](#tab/reg)
### Configure Windows Firewall with PowerShell
> The location you specify must have permissions assigned that permit the Windows Firewall service to write to the log file.
1. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this size, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a ize. The file won't grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
1. No logging occurs until you set one of following two options:
- To create a log entry when Windows Defender Firewall drops an incoming network packet, change **Log dropped packets** to **Yes**
- To create a log entry when Windows Defender Firewall allows an inbound connection, change **Log successful connections** to **Yes**
1. Click **OK** twice
---
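Review bot: the typo "select a ize" (should be "size") survives in the rewritten step about the 4,096 KB maximum file size; fix it while renumbering. Two smaller points in the same region: "one of following two options" needs "the", and the IMPORTANT note is updated to "Windows Firewall service" while the two bullets below it still say "Windows Defender Firewall drops" and "Windows Defender Firewall allows", so the rename is inconsistent inside one procedure. Switching every step to "1." follows the docs convention and is fine.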
@ -84,7 +76,7 @@ If logs are slow to appear in Sentinel, you can turn down the log file size. Jus
Sometimes the Windows Firewall log files aren't created, or the events aren't written to the log files. Some examples when this condition might occur include:
- missing permissions for the Windows Defender Firewall Service (MpsSvc) on the folder or on the log files
- missing permissions for the *Windows Defender Firewall Service* (MpsSvc) on the folder or on the log files
- you want to store the log files in a different folder and the permissions were removed, or haven't been set automatically
- if firewall logging is configured via policy settings, it can happen that
- the log folder in the default location `%windir%\System32\LogFiles\firewall` doesn't exist
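Review bot: the bullet "if firewall logging is configured via policy settings, it can happen that" reads as an incomplete sentence unless the line after it is nested under it; if that is the intent, the indentation should make it explicit. Italicizing *Windows Defender Firewall Service* (MpsSvc) is fine, but since the rest of this commit replaces "Windows Defender Firewall" with "Windows Firewall", confirm the string here matches the display name shown in services.msc, which is what a reader troubleshooting log-file permissions will search for.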

View File

@ -1,7 +1,6 @@
---
title: Create Windows Firewall rules in Intune
description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune.
ms.topic: conceptual
description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security.
ms.date: 11/07/2023
---
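Review bot: `ms.topic: conceptual` is removed without a replacement. The other files in this commit set `ms.topic: how-to` for procedural pages, and "Create Windows Firewall rules in Intune" is a procedure, so add `ms.topic: how-to` rather than leaving the key out. The shortened description also still says "Windows Defender Firewall with Advanced Security" while the rest of the commit renames to "Windows Firewall".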

View File

@ -1,34 +1,31 @@
---
title: Windows Defender Firewall with Advanced Security
description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
title: Windows Firewall overview
description: Learn overview information about the Windows Firewall security feature.
ms.topic: conceptual
ms.date: 09/08/2021
ms.date: 11/14/2023
---
# Windows Firewall with Advanced Security
# Windows Firewall overview
This topic is an overview of the Windows Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
Windows Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Firewall supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that can't be authenticated as a trusted device can't communicate with your device. You can use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by
## Overview of Windows Defender Firewall with Advanced Security
Windows Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that can't be authenticated as a trusted device can't communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user.
The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it doesn't provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
[!INCLUDE [windows-firewall](../../../../../includes/licensing/windows-firewall.md)]
## Feature description
Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network's isolation strategy.
Windows Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected.
## Practical applications
To help address your organizational network security challenges, Windows Firewall offers the following benefits:
To help address your organizational network security challenges, Windows Defender Firewall offers the following benefits:
- **Reduces the risk of network security threats.** Windows Firewall reduces the attack surface of a device, providing an extra layer to the defense-in-depth model. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack.
- **Safeguards sensitive data and intellectual property.** With its integration with IPsec, Windows Firewall provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data.
- **Extends the value of existing investments.** Because Windows Firewall is a host-based firewall that is included with the operating system, there's no other hardware or software required. Windows Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API).
- **Reduces the risk of network security threats.**  Windows Defender Firewall reduces the attack surface of a device, providing an extra layer to the defense-in-depth model. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack.
[!INCLUDE [windows-firewall](../../../../../includes/licensing/windows-firewall.md)]
- **Safeguards sensitive data and intellectual property.**  With its integration with IPsec, Windows Defender Firewall provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data.
## Next steps
- **Extends the value of existing investments.**  Because Windows Defender Firewall is a host-based firewall that is included with the operating system, there's no other hardware or software required. Windows Defender Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API).
The *Windows Firewall with Advanced Security* MMC snap-in provides more functionality than the Windows Firewall Control Panel applet. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Firewall Control Panel applet can protect a single device in a home environment, it doesn't provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
> [!div class="nextstepaction"]
> Learn about the recommendations for configuring Windows Firewall:
>
> [Configure Windows Firewall >](best-practices-configuring.md)
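Review bot: the new opening paragraph ends mid-sentence ("...network packet analyzers that could be attached to the network by"); the replaced text finished with "by a malicious user.", so the tail was lost in the rewrite and needs restoring. With the "Feature description" section removed, the sentence "Windows Firewall also works with Network Awareness..." has nothing for "also" to attach to; merge it into the intro paragraph or drop "also". The Next steps link reads "Configure Windows Firewall" while the target page is retitled "Recommendations for configuring Windows Firewall" in this same commit; align the link text with the title.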

View File

@ -2,12 +2,12 @@
title: Isolating Microsoft Store Apps on Your Network
description: Learn how to customize your firewall configuration to isolate the network access of the new Microsoft Store apps that run on devices added to your network.
ms.topic: conceptual
ms.date: 09/08/2021
ms.date: 11/14/2023
---
# Isolating Microsoft Store Apps on Your Network
When you add new devices to your network, you may want to customize your Windows Defender Firewall with Advanced Security configuration to isolate the network access of the new Microsoft Store apps that run on them. Developers who build Microsoft Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a device, appropriate firewall rules are automatically created to enable access. You can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app.
When you add new devices to your network, you may want to customize your Windows Firewall configuration to isolate the network access of the new Microsoft Store apps that run on them. Developers who build Microsoft Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a device, appropriate firewall rules are automatically created to enable access. You can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app.
For example, a developer can decide that their app should only connect to trusted local networks (such as at home or work), and not to the Internet. In this way, developers can define the scope of network access for their app. This network isolation prevents an app from accessing a network and a connection type (inbound or outbound) if the connection has not been configured for the app. Then the network administrator can customize the firewall to further restrict the resources that the app can access.
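Review bot: the rename is fine, but the rewritten paragraph keeps "You can then customize ... if they desire more control", a pronoun mismatch that predates this change; "if you want more control" matches the rest of the paragraph. In the next paragraph "has not been configured" should be "hasn't been configured" under the contraction style used across these pages.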
@ -177,7 +177,3 @@ Use the following procedure if you want to block intranet access for a specific
1. Under **Security Filtering**, click **Add**.
1. Type **domain computers** in the text box and click **OK**.
1. Close Group Policy Management.
## See also
- [Windows Defender Firewall with Advanced Security Overview](index.md)
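Review bot: removing the "## See also" section drops this page's link to the overview (index.md), which the same commit retitles "Windows Firewall overview". If the intent was only to get rid of the stale "with Advanced Security" link text, keep the link and update the text instead; nothing else in the visible text points readers back to the overview.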

View File

@ -2,7 +2,7 @@
title: Quarantine behavior
description: Quarantine behavior is explained in detail.
ms.topic: conceptual
ms.date: 09/08/2021
ms.date: 11/14/2023
---
# Quarantine behavior
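Review bot: only `ms.date` changes here with no visible content change. If the bump is meant to reflect the "Windows Defender Firewall" to "Windows Firewall" rename applied elsewhere in this commit, check that the body of this page was updated as well; otherwise the date bump signals freshness that the content does not have.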