Checklist: Creating Outbound Firewall Rules
Applies To: Windows 7, Windows Essential Business Server, Windows SBS 2003, Windows SBS 2008, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista
This checklist includes tasks for creating outbound firewall rules in your GPOs. The firewall in earlier versions of the Windows operating system allowed all outbound network traffic, and provided no way to block it. Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2 support the use of outbound rules.
By default, in Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2, outbound filtering is disabled. Because all outbound network traffic is permitted, outbound rules are typically used to block traffic that is not wanted on the network. However, it is a best practice for an administrator to create outbound allow rules for those applications that are approved for use on the organization’s network. If you do this, then you have the option to set the default outbound behavior to block, preventing any network traffic that is not specifically authorized by the rules you create.
Windows XP and Windows Server 2003 do not support outbound filtering.
Windows 2000 does not include a built-in firewall, so security group filtering should be used to prevent computers running that version of the operating system from applying the GPO.
Checklist: Creating outbound firewall rules for Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2
Create a rule that allows a program to send any outbound network traffic on any port it requires.
Create a rule that allows outbound network traffic on a specified port number.
Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service.