Step 4: Examining the Basic Options Available When Using the Windows Firewall with Advanced Security MMC snap-in

Published: November 2, 2007

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In this step, you use the Windows Firewall with Advanced Security MMC snap-in to see the basic options available.

To examine the basic options by using the Windows Firewall with Advanced Security MMC snap-in

  1. On MBRSVR1, open Windows Firewall with Advanced Security.

  2. Examine the three panes of the Windows Firewall with Advanced Security snap-in.

    • The navigation pane enables you to select from the main functional areas.

    • The results pane displays information about currently selected functional area.

    • The actions pane displays tasks that are relevant to the currently selected functional area.

  3. In the navigation pane, select the node labeled Windows Firewall with Advanced Security.

    The results pane displays the basic state information for each network location profile. Because MBRSVR1 is connected to the domain, the entry for that network location profile in the Overview section reads Domain Profile is Active.


In Windows 7 and Windows Server 2008 R2 more than one profile can be listed as active, if there are connections to multiple networks.

  1. In the navigation pane, right-click Windows Firewall with Advanced Security, and then click Properties.

  2. Note that there are four tabs, one for each network location profile and one for IPsec settings. The changes you make on each profile tab only apply to the computer when the specified network location profile is active. The IPsec Settings tab enables you to configure the default IPsec protocol parameters that are used when a connection security rule does not specify otherwise.

  3. Click the Private Profile tab as an example. Note that for each profile, you can enable or disable the firewall, configure the default firewall behavior for handling unsolicited inbound connections and outbound connections, and specify logging options.

  4. Click Customize in the Settings section. Note that for each profile, you can configure notifications and how your computer responds to incoming multicast or broadcast network traffic.

    The Rule merging section is disabled because they apply only when you are managing the settings of a Group Policy object (GPO) instead of the local computer. These settings indicate whether the GPO allows local Administrators to apply their own locally created firewall and connection security rules. If set to No then only GPO-supplied rules are applied to the computer and any locally defined rules are ignored.

  5. Click Cancel to return to the main Properties dialog box.

  6. Click Customize in the Logging section to examine the options available for creating a log file to capture details about the firewall's operation. Even though a log file name is specified, nothing is written to the file until you select Yes in one of the two lists.

  7. Set the value of both lists to No to disable logging. You will use this in a later section of the guide.

  8. Click Cancel two times to return to the Windows Firewall with Advanced Security snap-in.

  9. You can select the other functional areas to see the currently configured Inbound Rules, Outbound Rules, and Connection Security Rules, but do not change any settings at this point.

Next topic: Step 5: Examine the Differences in Functionality Between the MMC Snap-in and the Netsh Command-line Tool