At first, XP integrated firewall is often regarded as a chicken rib, but now the powerful function of Win7 firewall has a "professional" taste. Today, I will teach you how to use Win7 firewall.
Same as Vista, you can configure the Windows 7 firewall by accessing the control panel program. Unlike Vista, you can also perform advanced configuration (including configuration of outbound connection filters) by accessing the control panel, instead of having to create a blank MMC and join the embedded snap-in to achieve it, just click Look at the advanced configuration options in the left panel.
Introduction to Windows 7 Firewall
You can quickly open the Windows 7 firewall settings under Win7, that is, you can open the firewall by typing "Firewall" in the search box of the Start menu.
Vista Firewall allows you to choose whether to be on a public grid or a private network. In Windows 7, you have three choices - public network, home network, office network, and the latter two options are dedicated. The refinement of the network.
If you choose the "Home Network" option, you will be able to create a "family group." In this environment, "Network Discovery" will start automatically, you will be able to see other computers and devices on the network, and they will also be able to see your computer. Computers belonging to the "family group" can share pictures, music, videos, document libraries, and hardware devices such as printers. If you have folders that you don't want to share in the document library, you can also exclude them.
If you choose "Work Network", "Network Discovery" will also start automatically, but you will not be able to create or join the "Family Group". If your computer joins a Windows domain (via Control Panel - System and Security - System - Advanced System Configuration - Computer Name tab) and passes DC authentication, the firewall will automatically recognize the network type as the domain environment network.
And the "public network" type is the appropriate choice when you are in the airport, hotel, cafe or use the mobile broadband network to connect to the public wi-fi network, "network discovery" will be turned off by default, so other networks The computer in the middle will not discover your share and you will not be able to create or join the "family group".
In all network modes, Windows 7 Firewall will block any connection sent to applications that are not whitelisted by default. Windows 7 allows you to configure different network types separately.
Multi-Action Firewall Policy
In Vista, although you have two profiles for public and private networks, only one will work for a specified amount of time. So if your computer happens to connect two different networks at the same time, then you have to be unlucky. The most restrictive configuration file will be used by the user to all connections, which means that you may not be able to do what you want in the local (private) network, because you are operating under the rules on the public network. In Windows 7 (and Server 2008 R2), different profiles can be used on different network adapters. That is to say, the network connection between the private networks is governed by the private network rules, and the traffic between the public networks applies the public network rules.
What's the little things that don't stand out?
In many cases, better usability often depends on small changes, MS listens to users' opinions and puts some "inconspicuous" Also played a small thing" joined the Windows 7 firewall. For example, when you create a firewall rule in Vista, you must list each IP address and port separately. Now you only need to specify a range, so the time spent on performing general management tasks is greatly reduced.
You can also create Connection Security Rules in the firewall console to specify which ports or protocols have the need to use IPsec without having to use the netsh command. For those who like the GUI, this is A more convenient improvement.
Connection Security Rules also supports dynamic encryption. This means that if the server receives an unencrypted (but verified) message from the guest, the security association will request encryption through the agreed "running" to establish a more secure communication.
Configuring Profiles in Advanced Settings
Using the Advanced Settings control panel, you can set up profiles for each network type.
For configuration files, you can make the following settings:
* Turn on/off the firewall
* (Block, block all connections or allow) Inbound connections
* (Allow Or intercept) Outbound connection
* (Notify you when a program is blocked) Notification display
* Allow unicast to respond to multicast or broadcast
* Allowing local administrators to create and apply local firewall rules outside of Group Policy firewall rules
About configuring system firewalls with netsh.exe
<1> (1). View, enable or disable system firewalls
Open a command prompt and enter the input command “netsh firewallshow state” and press Enter to check the status of the firewall. From the displayed results, you can see the disable and enable of each function module of the firewall. The command "netsh firewall set opmode disable" is used to disable the system firewall. The command "netsh firewall set opmode enable" is used to enable the firewall.
(2). Allow file and print sharing
File and print sharing are commonly used in LAN. If you want to allow clients to access shared files or printers of this machine, you can enter and execute them separately. The following command:
netsh firewall add portopening UDP 137 Netbios-ns (allows client access server UDP port 137)
netsh firewall add portopening UDP 138 Netbios-dgm (allows access to UDP protocol Port 138)
netsh firewall add portopening TCP 139 Netbios-ssn (allows access to TCP port 139)
netsh firewall add portopening TCP 445 Netbios-ds (allows access to TCP protocol 445 Port)
After the command is executed, the ports required for file and print sharing are released by the firewall.
(3). Allow ICMP echo
By default, Windows 7 does not allow external hosts to ping it for security reasons. However, in a secure LAN environment, the Ping test is necessary for the administrator to perform network testing. How to allow the Windows 7 ping test to be echoed?
Of course, the File and Print Sharing (Echo Request - ICMPv4-In) rule can be set to Allow in the Inbound Rules through the System Firewall Console (if the network uses IPv6, Then you must allow the rules of ICMPv6-In.). However, we can quickly implement the netsh command from the command line. Run the netsh firewall set icmpsetting 8 command to enable ICMP echo. Otherwise, run netsh firewall set icmpsetting 8 disable to disable the echo.
Cause analysis: The occurrence of such a fault is mainly caused by obvious errors in the system disk
1. Click on the Start menu, type cmd in the Start Search box, a
Fault map: Solution 1.You can drag the image directly into the browser, such as Firefox browser, Chr
1. First right click on the “Computer” icon on the desktop of the computer, select ““Manage” o
Windows 7 has a "black screen" emergency processing method
Where does the win8 system computer turn off the firewall?
Win7 view computer motherboard model summary
Microsoft: We won't abandon tablet
Win7 mobile phone and computer transfer files via Bluetooth
How to prevent Windows 7 from automatically installing driver
How to remove the shield logo on the win7 Ultimate computer desktop icon?
Win7 CD Image Recorder How to Use Tutorial
How to modify the default startup location of win7 explorer
Winner of the Wintel Alliance: Windows7 + Core Multi-Core Perfect Match
Win7 computer inserts the disc and then opens the old pop-up
Windows 7 can not modify the system time and the solution
Linux forced delete non-empty directory command
Quickly remove Win8.1 system garbage has a high trick
Notebook Win7 system wireless Internet access often dropped or restricted how to do?
WinXP system desktop icons all disappeared three solutions
Lenovo Zhaoyang E49 computer has been installed after WinXP has been a splash screen solution
How to solve the 80240020 error in the process of upgrading Win10