Windows Firewall/Internet Connection Sharing (ICS)

The Windows Firewall/Internet Connection Sharing (ICS) component provides the Windows Firewall. Windows Firewall provides a barrier between your device and network connections to help reduce attacks by hackers, viruses, and worms across networks. All networked devices, not just devices connected to the Internet, are vulnerable to these attacks.

Internet Connection Sharing allows multiple computers to use a single public Internet Protocol (IP) address.

This component makes it possible for you to selectively enable access for specific programs, services, and ports through the firewall and to block others.

Windows Firewall and Internet Connection Sharing can be programmatically configured through the APIs that are included in the component after the run-time image is deployed.

To use Internet Connection Sharing, one computer, the Internet Connection Sharing machine, must be connected to a public network and to a private network. This configuration provides increased security for computers on the private network. Private computers are not directly addressable from a public network. The computer running Internet Connection Sharing modifies packets from computers on a private network that are destined for a public network so that such packets appear to go to and come from the Internet Connection Sharing machine. This component also provides Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) services to the private network.

The computer running Internet Connection Sharing increases the security of the computers on the private network by keeping track of the network traffic that programs on the network generate. This prevents unsolicited traffic from being processed by the computers behind the ICS machine. Internet Connection Sharing can also be configured with Universal Plug and Play (UPnP) to allow unsolicited traffic on specific ports to be routed to specific computers on the private network. This is useful for running servers and peer-to-peer applications, for example, network games and some instant messaging applications, that receive unsolicited traffic from the Internet.


There are no services associated with this component.

Associated Components

The Internet Protocol Network Address Translation component must be installed to use Connection Sharing.

This component can be configured on the device after the run-time image is deployed by including the Windows Firewall Control Panel component or the NetShell component.


For detailed information about the configurable settings for this component, see How to Configure Windows Firewall On a Run-Time Image in Windows XP Embedded Help.

Last updated on Wednesday, October 18, 2006

© 2006 Microsoft Corporation. All rights reserved.