Windows 7: Firewall

Windows 7 Firewall is the location where you control and configure firewall settings. A firewall is a virtual line of defense against unwanted computers or connections trying to break into your computer through your network.

The Vista firewall allowed you to choose whether you are on a public or private network.

With Windows 7, you have three choices - public network, home network or work network. The two latter options are treated as private networks.

If you select the "home network" option, you can set up a Homegroup.

In this case, network discovery is automatically turned on so you will be able to see the other computers and devices on the network and they will be able to see your computer.

Computers that belong to the Homegroup can share picture, music, video and document libraries and can share hardware devices such as printers.

If there are folders in your libraries that you do not want to share, you can exclude them.

If you select "work network," network discovery is on by default but you would not be able to create or join a Homegroup.

If you join the computer to a Windows domain (via Control Panel | System | Advanced System Settings | Computer Name tab) and are authenticated to the domain controller, the firewall will automatically recognize the network as a domain network.

"Public network" is the appropriate selection when you are connected to a public wi-fi network at an airport, hotel or coffee shop or using a mobile broadband network.

Network discovery will be turned off by default so that other computers on the network can not see yours and you cannot create or belong to a Homegroup.

With all network types, by default the Windows 7 firewall blocks connections to programs that are not on the list of allowed programs. Windows 7 allows you to configure the settings for each network type separately.

With Vista, even though you had profiles for both public and private networks, only one of them was allowed to be active at a given time.

If your computer happened to be connected to two different networks, you were out of luck. The most restrictive profile got applied to all connections, which meant you might not be able to do everything you needed to do on your local (private) network because you were operating under the rules for the public network.

With Windows 7 (and Server 2008 R2), a different profiles can be active for each network adapter. The connection to the private network is subject to the private network rules while traffic coming to or from the public has those rules applied.

in Vista when you created firewall rules, you had to list port numbers and IP addresses individually. Now you can specify ranges, which shaves time off of the performance of this common administrative task.

You can also create connection security rules that specify which ports or protocols are subject to IPsec requirements right there in the firewall console, instead of having to use the netsh command. For those who prefer the GUI, this is a handy improvement.

The connection security rules also support dynamic encryption. That means that if a server gets an unencrypted (but authenticated) message from a client computer, a security association can be negotiated "on the fly" to require encryption, making for more secure communications.

The Windows 7 Firewall refines the much-improved firewall that was included in Windows Vista, and brings its "hidden" advanced features out into the open.

Credit