Connection Security Rule Properties Page: Advanced Tab
Updated: January 20, 2009
Applies To: Windows 7, Windows Server 2008 R2
Use the settings on this tab to select the network profile and interface types to which the connection security rule applies. You can also configure an IPsec tunnel between the endpoints.
To get to this tab
In the Windows Firewall with Advanced Security MMC snap-in, click Connection Security Rules.
Right-click the rule that you want to modify, and then click Properties.
Click the Advanced tab.
Use these options to specify the profiles to which this rule is applied. Select any combination of profiles that meet your security goals. This version of Windows supports multiple simultaneously active profiles. Each network adapter card attached to a network is assigned one of the following profiles based on what is detected on the attached network. This means that different firewall and connection security rules can affect network traffic, depending on which network adapter receives the traffic.
The domain profile applies to a network when a domain controller for the local computer’s domain is detected. If you select this check box, then the rule applies to network traffic passing through the network adapter connected to this network.
The private profile applies to a network when it is marked private by the computer administrator and it is not a domain network. Newly detected networks are not marked private by default. A network should be marked private only when there is some kind of security device, such as a network address translator or perimeter firewall, between the computer and the Internet. The private profile settings should be more restrictive than the domain profile settings.
The public profile applies to a network when the computer is connected directly to a public network, such as one available in airports and coffee shops. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be as tightly controlled as it is in an IT environment.
You can use this setting to specify to which interface type this rule applies. You can create rules that apply to certain interface types only. For example, if you specify only the wireless interface type for this rule, then Windows Firewall with Advanced Security will take the action specified by the rule for wireless traffic. The default setting is All interface types.
Click Customize to select either all interface types or specific interface types.
You can use this setting to create a rule that uses IPsec tunnel mode to establish a connection between two tunnel endpoints.
Use Windows Firewall with Advanced Security to perform Layer 3 tunneling for scenarios in which Layer Two Tunneling Protocol (L2TP) cannot be used. If you are using L2TP for remote communications, no tunnel configuration is required because the client and server virtual private network (VPN) components of this version of Windows create the rules to secure L2TP traffic automatically.
To configure the tunnel endpoints, click Customize, and then provide the required information in the Customize IPsec Tunneling Settings dialog box.