
The new features in Windows 7 Firewall

Two days ago we covered how to restore the Windows 7 Firewall to its default settings. So, do you know the new features of the Windows 7 Firewall? This article takes a look at the Windows Firewall in Windows 7 and shows you how to configure it with multiple active firewall policies.

The Windows 7 firewall refines the greatly improved firewall that was included in Windows Vista and brings its “hidden” advanced features into the open. Many users, including some IT professionals, did not know that the Vista firewall could filter outbound traffic, monitor traffic, and otherwise perform advanced configuration tasks, because none of that was visible in the firewall applet in the Control Panel. With Windows 7, Microsoft has a built-in host firewall that is much more functional than its predecessors and now provides a real alternative to third-party host firewall products.


Since the first firewall in the Windows XP operating system (Internet Connection Firewall), Microsoft has steadily improved the integrated firewall in each subsequent incarnation of Windows. While the Windows Firewall in the latest client operating system, Windows 7, is more evolutionary than revolutionary, it provides some nice tweaks that make it more user-friendly and at least one big change that makes a difference to mobile users. In this article we’ll take a look at the Windows Firewall in Windows 7 and show you how to configure it with multiple active firewall policies.

The Evolution of the Windows Firewall

The firewall software in Windows XP was simple and rudimentary and protected incoming traffic only, blocking any inbound connections that had not been initiated by your computer – and it was turned off by default. Service Pack 2 turned it on by default and made it possible for administrators to enable it via Group Policy. The Vista firewall was built on a new Windows Filtering Platform (WFP) and added the ability to filter outbound traffic via the Advanced Security MMC snap-in. With Windows 7, Microsoft has tweaked the firewall further and made it much more useable, especially on mobile computers, by adding support for multiple active firewall policies.

Introducing the Windows 7 Firewall

As with Vista, the basic settings for the Windows 7 firewall are accessed via the Control Panel applet. Unlike Vista, you can also access the advanced settings (including configuration of filtering for outbound connections) through the Control Panel instead of having to create an empty MMC and add a snap-in. Just click the Advanced Settings link in the left panel, as shown in Figure 1.

Figure 1: In Windows 7, you can get to the advanced firewall settings through the Control Panel applet

More Network Options

The Vista firewall allows you to choose whether you are on a public or private network. With Windows 7, you have three choices – public network, home network or work network. The two latter options are treated as private networks.

  • If you select the “home network” option, you can set up a Homegroup. In this case, network discovery is automatically turned on so you will be able to see the other computers and devices on the network and they will be able to see your computer. Computers that belong to the Homegroup can share picture, music, video and document libraries and can share hardware devices such as printers. If there are folders in your libraries that you do not want to share, you can exclude them.
  • If you select “work network”, network discovery is on by default but you would not be able to create or join a Homegroup. If you join the computer to a Windows domain (via Control Panel | System | Advanced System Settings | Computer Name tab) and are authenticated to the domain controller, the firewall will automatically recognize the network as a domain network.
  • “Public network” is the appropriate selection when you are connected to a public wi-fi network at an airport, hotel or coffee shop or using a mobile broadband network. Network discovery will be turned off by default so that other computers on the network cannot see yours and you cannot create or belong to a Homegroup.

With all network types, by default the Windows 7 firewall blocks connections to programs that are not on the list of allowed programs. Windows 7 allows you to configure the settings for each network type separately, as shown in Figure 2.

Figure 2: Windows 7 allows you to configure settings separately for each network type

Multiple Active Profiles

With Vista, although there were profiles for public and private networks, only one of them could be active at any given time. If your computer happened to be connected to two different networks at once, you were out of luck. The restrictive profile was applied to all connections, which meant you might be unable to do everything you needed to on your local (private) network because you were operating under the rules for the public network. With Windows 7 (and Server 2008 R2), different profiles can be active for each network adapter. The connection to the private network is subject to the private network rules, while traffic coming to or from the public network has the public rules applied.

The Little Things That Count

In many cases, greater usability hinges on small changes and Microsoft has been listening to users and incorporated some of those “little things that count” into the Windows 7 firewall. For example, in Vista when you created firewall rules, you had to list port numbers and IP addresses individually. Now you can specify ranges, which shaves time off of the performance of this common administrative task.

You can also create connection security rules that specify which ports or protocols are subject to IPsec requirements right there in the firewall console, instead of having to use the netsh command. For those who prefer the GUI, this is a handy improvement.

The connection security rules also support dynamic encryption. That means that if a server gets an unencrypted (but authenticated) message from a client computer, a security association can be negotiated “on the fly” to require encryption, making for more secure communications.

Configuring Profiles with Advanced Settings

Using the Advanced Settings console, you can configure the options for each of the network type profiles, as shown in Figure 3.

Figure 3: You can configure options for each profile using the Advanced Settings console

For each profile, you can configure the following:

  • On/off status of the Windows firewall
  • Inbound connections (block, block all connections, or allow)
  • Outbound connections (allow or block)
  • Display notifications (whether or not to notify you when a program is blocked)
  • Allow unicast response to multicast or broadcast traffic
  • Apply local firewall rules created by the local administrator in addition to Group Policy firewall rules
  • Allow local connection security rules created by local administrators in addition to Group Policy connection security rules
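
The same per-profile options can be set from the command line. The script below is an added example, not part of the original article: it calls `netsh advfirewall` from an elevated PowerShell prompt, applies a constructed policy to each profile, and adds one rule that uses the port and address ranges described earlier, scoped so it never applies on a public network adapter. The helper name, rule name, ports and addresses are assumptions chosen for illustration.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows 7.
# netsh.exe is called directly; the policy values below are constructed.
function Invoke-AdvFirewall {
    # Wrapper (hypothetical helper name) that stops on the first netsh failure.
    $output = & netsh advfirewall @args
    if ($LASTEXITCODE -ne 0) { throw "netsh advfirewall $args failed: $output" }
    $output
}

# Inbound policy per profile: blockinbound = block unless a rule allows,
# blockinboundalways = block all connections, even those on the allowed list.
$inbound = @{
    domainprofile  = 'blockinbound'
    privateprofile = 'blockinbound'
    publicprofile  = 'blockinboundalways'
}

foreach ($name in $inbound.Keys) {
    Invoke-AdvFirewall set $name state on | Out-Null
    # Quoted so PowerShell passes the comma-separated pair as one argument.
    Invoke-AdvFirewall set $name firewallpolicy "$($inbound[$name]),allowoutbound" | Out-Null
    Invoke-AdvFirewall set $name settings inboundusernotification enable | Out-Null
    Invoke-AdvFirewall set $name settings unicastresponsetomulticast disable | Out-Null
    Invoke-AdvFirewall set $name logging droppedconnections enable | Out-Null
}

# One inbound rule using port and address ranges, limited to the domain and
# private profiles so it never applies on an adapter that is on a public network.
$rule = 'Example-AgentPorts'   # constructed rule name
& netsh advfirewall firewall delete rule name=$rule | Out-Null   # ignore "no match"
Invoke-AdvFirewall firewall add rule name=$rule dir=in action=allow protocol=TCP `
    localport=5000-5010 remoteip=192.0.2.10-192.0.2.50 'profile=domain,private' | Out-Null

# Show which profiles are active now and the resulting rule.
Invoke-AdvFirewall show currentprofile
Invoke-AdvFirewall firewall show rule name=$rule
```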


The Vista firewall can be configured to log events to a file (by default, Windows\System32\LogFiles\Firewall\pfirewall.log). In Windows 7, the events are also logged in the Event Viewer’s Applications and Services section, making it easier to access. To access this log, open the Event Viewer and in the left pane, click Applications and Services Log | Microsoft | Windows | Windows Firewall with Advanced Security, as shown in Figure 4.

Figure 4: Windows 7 logs firewall events in the Event Viewer as well as a file

In the Event Viewer log, you can create a custom view, filter the log, search the log or enable verbose logging.
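
For the file log mentioned above, the following added example (not from the original article) parses the pfirewall.log layout and summarizes dropped packets per source address. The log lines are constructed samples using documentation addresses, and `ConvertFrom-FirewallLog` is a hypothetical function name; on a real system, pass the output of `Get-Content` on the log file instead of `$sample`.

```powershell
# Constructed sample in the pfirewall.log layout; addresses are documentation ranges.
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2009-11-02 10:15:01 DROP TCP 198.51.100.7 192.0.2.20 51000 445 52 S 1234567 0 8192 - - - RECEIVE
2009-11-02 10:15:02 DROP TCP 198.51.100.7 192.0.2.20 51001 3389 52 S 1234999 0 8192 - - - RECEIVE
2009-11-02 10:15:04 ALLOW UDP 192.0.2.20 192.0.2.53 53124 53 0 - - - - - - - SEND
2009-11-02 10:15:09 DROP TCP 198.51.100.7 192.0.2.20 51002 445 52 S 1235555 0 8192 - - - RECEIVE
2009-11-02 10:16:30 DROP UDP 203.0.113.9 192.0.2.20 137 137 78 - - - - - - - RECEIVE
'@ -split "`r?`n"

function ConvertFrom-FirewallLog {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            # Column names come from the log's own header, not a hard-coded list.
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        # Skip other header lines, blank lines, and anything before the header.
        if (-not $fields -or $line -match '^\s*(#|$)') { continue }
        $values = $line.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # skip truncated lines
        $entry = New-Object PSObject
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $entry | Add-Member -MemberType NoteProperty -Name $fields[$i] -Value $values[$i]
        }
        $entry
    }
}

# Dropped packets grouped by source address: count and distinct destination ports.
ConvertFrom-FirewallLog $sample |
    Where-Object { $_.action -eq 'DROP' } |
    Group-Object 'src-ip' |
    Sort-Object Count -Descending |
    ForEach-Object {
        New-Object PSObject -Property @{
            SourceIP = $_.Name
            Drops    = $_.Count
            DstPorts = (($_.Group | ForEach-Object { $_.'dst-port' } | Sort-Object -Unique) -join ',')
        }
    } | Select-Object SourceIP, Drops, DstPorts
```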

The Netsh Command

Windows 7 contains the netsh firewall context for backward compatibility, but if you run it, you will get a message that says “IMPORTANT: "netsh firewall" is deprecated; use "netsh advfirewall firewall" instead.”
