How To Configure The Windows XP Firewall

The Windows Firewall

Firewalls are not a silver bullet that will shield you from all threats, but firewalls certainly help keep your system more secure. The firewall will not detect or block specific threats the way an antivirus program does, nor will it stop you from clicking on a link in a phishing scam email message or from executing a file infected with a worm. The firewall simply restricts the flow of traffic into (and sometimes out of) your computer to provide a line of defense against programs or individuals that might try to connect to your computer without your approval.

Microsoft has included a firewall in their Windows operating system for a while, but, until the release of Windows XP SP2, it has been disabled by default and required that the user know of its existence and take steps to turn it on.

Once you install Service Pack 2 on a Windows XP system, the Windows Firewall is enabled by default. You can reach the Windows Firewall settings either by clicking the small shield icon in the System Tray at the lower right of the screen and then clicking Windows Firewall under the Manage security settings for heading, or by clicking Windows Firewall in the Control Panel.

Microsoft recommends that you have a firewall installed, but it doesn't have to be their firewall. Windows can detect the presence of most personal firewall software and will recognize that your system is still protected if you disable the Windows Firewall. If you disable the Windows Firewall without having a third-party firewall installed, however, the Windows Security Center will alert you that you are not protected and the small shield icon will turn red.

Creating Exceptions

If you are using the Windows Firewall, you may need to configure it to allow certain traffic. The firewall, by default, will block most incoming traffic and restrict attempts by programs to communicate with the Internet. If you click on the Exceptions tab, you can add or remove programs that should be allowed to communicate through the firewall, or you can open up specific TCP/IP ports so that any communications on those ports will be passed through the firewall.

To add a program, you can click Add Program under the Exceptions tab. A list of programs installed on the system will appear, or you can browse for a specific executable file if the program you are looking for is not on the list.

At the bottom of the Add Program window is a button labeled Change Scope. If you click on that button, you can specify exactly which computers should be allowed to use the firewall exception. In other words, you may want to allow a certain program to communicate through your Windows Firewall, but only with other computers on your local network and not the Internet. Change Scope offers three options. You can choose to allow the exception for all computers (including the public Internet), only the computers on your local network subnet, or you can specify only certain IP addresses to allow.

Under the Add Port option, you supply a name for the port exception and identify the port number you want to create an exception for and whether it is a TCP or UDP port. You can also adjust the scope of the exception with the same options as the Add Program exceptions.
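The same Exceptions tab settings can be scripted with the netsh firewall context that ships with XP SP2. The batch script below is an added example, not part of the original article; the program path, exception names and the addresses in the custom scope are constructed placeholders, and it assumes an administrator command prompt.

```batch
@echo off
rem Added example (not from the article): netsh equivalents of the Exceptions tab
rem on Windows XP SP2. The program path, names and addresses are constructed
rem placeholders; substitute your own.

rem Confirm the firewall is on before punching holes in it.
netsh firewall show state

rem Program exception with the "My network (subnet) only" scope. Windows will
rem accept inbound traffic on any port this executable listens on, but only
rem from hosts on the local subnet, never from the public Internet.
netsh firewall add allowedprogram program="C:\Program Files\ExampleApp\exampleapp.exe" name="Example App (LAN only)" mode=ENABLE scope=SUBNET

rem Port exception with a custom scope: only the listed host, the listed
rem network and the local subnet may reach TCP 3389. CIDR, dotted-mask and the
rem LocalSubnet keyword are all accepted in the addresses list.
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop (custom scope)" mode=ENABLE scope=CUSTOM addresses=192.0.2.10,198.51.100.0/24,LocalSubnet

rem Review what is now open. These two listings are what to audit when you
rem suspect a program added an exception without your approval.
netsh firewall show allowedprogram
netsh firewall show portopening

rem Undo: delete takes the same identifying fields used to add the exception.
rem netsh firewall delete allowedprogram program="C:\Program Files\ExampleApp\exampleapp.exe"
rem netsh firewall delete portopening protocol=TCP port=3389
```

Prefer a program exception over a port exception where you can: a port opening stays open for whatever happens to listen on that port later, while a program exception is closed whenever that executable is not running.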

Advanced Settings

The final tab for configuring Windows Firewall is the Advanced tab. Under the Advanced tab, Microsoft offers some more specific control over the firewall.

The first section lets you choose whether or not to have the Windows Firewall enabled for each network adapter or connection. If you click on the Settings button in this section, you can allow certain services, such as FTP, POP3 or Remote Desktop, to communicate with that network connection through the firewall.

The second section is for Security Logging. If you are having problems using the firewall or suspect that your computer may be under attack, you can enable Security Logging for the firewall. If you click on the Settings button, you can choose to log dropped packets and/or successful connections.

You can also define where you want the log data to be saved and set the maximum file size for the log data.

The next section allows you to define settings for ICMP. ICMP (Internet Control Message Protocol) is used for a variety of network diagnostics and error reporting, including the PING and TRACERT commands. Responding to ICMP requests, however, can also be used to cause a denial-of-service condition on your computer or to gather information about your computer. Clicking on the Settings button for ICMP lets you specify precisely what types of ICMP communications you do or don't want your Windows Firewall to allow.

The final section of the Advanced tab is the Default Settings section. If you have made changes and your system no longer works and you don't even know where to begin, you can always come to this section as a last resort and click Restore Default Settings to reset your Windows Firewall to square one.
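The Advanced tab settings described above (per-connection enablement, service exceptions, security logging, ICMP and Restore Default Settings) map onto the same netsh firewall context. This batch script is an added example, not from the original article; the interface name, log location and log size are constructed values, and it assumes an administrator command prompt.

```batch
@echo off
rem Added example (not from the article): netsh equivalents of the Advanced tab
rem on Windows XP SP2. Interface name, log path and size are constructed values.

rem Per-connection enablement (the first section of the Advanced tab): keep the
rem firewall on for one named adapter. "Local Area Connection" is an assumed name.
netsh firewall set opmode mode=ENABLE interface="Local Area Connection"

rem Service exception (the Settings button beside a connection): allow Remote
rem Desktop, but only from the local subnet rather than from everywhere.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=SUBNET

rem Security Logging: record dropped packets and successful connections in a
rem file capped at 4096 KB. %windir%\pfirewall.log is the built-in default path.
netsh firewall set logging filelocation="%windir%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE
netsh firewall show logging

rem ICMP: stop answering inbound echo requests (type 8) so the host is not
rem visible to ping sweeps, but keep outbound destination unreachable (type 3),
rem which path MTU discovery relies on. Disabling everything can break connectivity.
netsh firewall set icmpsetting type=8 mode=DISABLE
netsh firewall set icmpsetting type=3 mode=ENABLE
netsh firewall show icmpsetting

rem Restore Default Settings, the last resort described above. This discards
rem every exception, scope, logging and ICMP change, so it is left commented.
rem netsh firewall reset
```

Once logging is on, the log is a plain-text W3C extended log; its DROP lines are the first place to look when a connection you expected is not arriving, and its OPEN lines show which inbound connections the exceptions are actually admitting.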

Editor's Note: This legacy content article was updated by Andy O'Donnell