Windows Firewall Confusing


Will

I had a brief look at Windows Firewall in Vista Ultimate, and I find it
exposes far too low a level of detail in the ruleset, and there are so many
default rules it is almost incomprehensible without careful study. I
administer ISA 2006 and Firewall-1 boxes with hundreds of rules in the
ruleset, so none of the concepts are foreign to me, but the UI in Vista
Firewall just doesn't organize the vast numbers of rules in a way that makes
them easy to follow.
 
Will said:
I had a brief look at Windows Firewall in Vista Ultimate, and I find it
exposes far too low a level of detail in the ruleset, and there are so many
default rules it is almost incomprehensible without careful study. I
administer ISA 2006 and Firewall-1 boxes with hundreds of rules in the
ruleset, so none of the concepts are foreign to me, but the UI in Vista
Firewall just doesn't organize the vast numbers of rules in a way that
makes them easy to follow.

There is a 3rd party tool that allows a user to more easily configure the FW
with rules, I guess. But I can't remember the name of the free tool. Maybe
someone will mention it.

I use the Vista FW on Ultimate myself. I have things running like IIS and
SQL Server that I must protect with the machine having a direct connection
to the Internet. I use Vista's FW for inbound protection and it does a good
job of doing that.

But I supplement the Vista FW with IPsec, because I understand the rules
using something like the AnalogX rules that I have applied and made my
adjustments.

IPsec can stop inbound or outbound traffic by port, protocol, IP and Subnet.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/CONTENTS/articles/ipsec.htm
http://support.microsoft.com/kb/813878

Again, IPsec is only a supplemental tool to the Vista FW in my usage of
IPsec.
 
Will said:
I had a brief look at Windows Firewall in Vista Ultimate, and I find it
exposes far too low a level of detail in the ruleset, and there are so many
default rules it is almost incomprehensible without careful study. I
administer ISA 2006 and Firewall-1 boxes with hundreds of rules in the
ruleset, so none of the concepts are foreign to me, but the UI in Vista
Firewall just doesn't organize the vast numbers of rules in a way that makes
them easy to follow.


Vista's built-in firewall, although superior to that of WinXP, is of a
rudimentary nature, intended to meet the simpler needs of most home
consumers (or business/enterprise clients already ensconced behind more
advanced perimeter defenses), so it lacks the sort of granular control
to which you're apparently accustomed.

One 3rd-party add-on (Sphinx's Vista Firewall Control
http://sphinx-soft.com/Vista/) might make the Vista Firewall a bit more
useful to you, but nothing but a completely independent product will be
able to provide the detailed control you want.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
Bruce Chambers said:
Vista's built-in firewall, although superior to that of WinXP, is of a
rudimentary nature, intended to meet the simpler needs of most home
consumers (or business/enterprise clients already ensconced behind more
advanced perimeter defenses), so it lacks the sort of granular control to
which you're apparently accustomed.

I was making the opposite complaint. There were far too many rules being
exposed to the user, and as a result it would be for a consumer an almost
incomprehensible mush.

One 3rd-party add-on (Sphinx's Vista Firewall Control
http://sphinx-soft.com/Vista/) might make the Vista Firewall a bit more
useful to you, but nothing but a completely independent product will be
able to provide the detailed control you want.

I appreciate the reference.
 
Will said:
I was making the opposite complaint. There were far too many rules being
exposed to the user, and as a result it would be for a consumer an almost
incomprehensible mush.

You must be accessing the firewall via Admin Tools and not Control
Panel. They have totally different GUIs.
 