Due to requests I have put together a short guide on how to use the Vista "Windows Firewall with Advanced Security". I was not quite sure how to put the info forward, as there is the "Windows Firewall with Advanced Security" itself, but there are 2 other areas that need to be looked at. I decided to jump right in, and first explain the main area.

Location:- Start menu - Control Panel - System and Maintenance - Administrative Tools - Windows Firewall with Advanced Security.

This brings up an MMC snap-in, but I will refer to this as the "main firewall UI". By default it will show you the 3 profiles that are used. A profile can be explained as a ruleset for a specific type of location as to where you are connecting:

Domain: Connecting to a Domain.
Private: This would be used for a trusted LAN, such as a home network where sharing is allowed.
Public: Used if connecting directly to the Internet, or on an untrusted LAN, or simply if you want to keep the PC isolated from other PCs on the LAN.

When you first connect to a network, Windows will detect what type of connection it is. If a Domain, then that profile will be selected. If not a Domain, then there will be a popup for you to select either "Public" or "Private", so you can then decide what profile (or ruleset) to use. If you change your mind after selecting, you can change this, but you need to go to the "Network and Sharing" center to do that. That is one of the other areas we will look at later.

Before we go further, how to enable the outbound control: if you select "Properties" (as highlighted in the above pic), this will bring up the window below:-

[NOTE: I have already changed the default settings, as by default the "Outbound connections" are set to "Allow"]

The first 3 tabs show the base settings of each of the profiles; each profile can have different settings for the inbound/outbound, logging etc. So let's look at what the settings are.
Firewall State: Simply to change the firewall to On or Off for that profile.

Inbound connections:
Block (Default): This will block all connections that are not specifically allowed. So if you have rules set to allow inbound, maybe for file sharing or a game server etc, then that is the option to use.
Block all connections: This will set the firewall for that profile to "block all without exception". So even if you have inbound allow rules, these will be blocked.
Allow: Will allow all connections that have not been specifically blocked. So if you have no inbound blocking rules, then all inbound will be allowed.

Outbound connections:
Allow (Default): Will allow all outbound for that profile that has not been specifically blocked with rules.
Block: Will block all outbound for that profile that has not been specifically allowed by rules.

Settings: select "Customize" to bring up the popup below. For an explanation of these settings, just click on "Learn more about these settings", as they are explained there.

Logging: select "Customize" to bring up the popup below. Again, for an explanation, just click "Learn more about logging"; it is explained there as well as I could put it forward.

The "IPsec" tab: that is part of the setup for secure connections. We will go through the basics later when creating rules.

Now let's start to look at the pre-defined rules currently in the firewall. We will look at the current outbound rules. In the "main firewall UI" select "Outbound". You will see there are a lot of rules in place; those with a green "tick" show the rule as active, those grayed out are disabled. To get some understanding of what the rules are for, it is better to look at the "Group" column. You will see that various rules are placed together in groups, such as "File and Printer Sharing" and "Remote Assistance". Most users will probably at least know what that is referring to; if not, it would be advisable to spend a little time online to check.
What should also help is to look at the "Profile" column. You will see that each rule is assigned to one or more profiles, so when a rule is active, it is only active (in use) when that specific profile is in use. To get an overview of what rules are actually in use, without having to look down the list checking which rule is active and in which profile, go to "Monitoring - Firewall". This will show all inbound and outbound rules active for the current profile in use.

Adding outbound rules: This is what most users want to know, so we will go through a step by step procedure.

First, if for example a user wants to enable "File and Printer Sharing", then in the "main firewall UI" you have 2 choices. You can go down the list and enable the rules required, or you can simply select "New Rule", select "Predefined", then select "File and Printer Sharing" and press Next. It will show you the rules required, and you can then enable the rules. This could actually be done more easily in the "Network and Sharing" center, which we will look at later.

Adding a rule for a specific application: There can be 2 parts to adding an application rule, depending on how tight you want the rule to be. So let's add a rule for the Firefox browser.

In the "main firewall UI" select "Outbound", then "New Rule".
Select "Program".
Select "This program path", then browse for the application, in this example Firefox.
Select "Allow the connection".
You can then select which profile(s) you want to add the rule to.
Then name the rule and add a description, then Finish.

You then have a rule to allow all outbound for Firefox. For some users, that may be sufficient control for their needs. If you then want to make restrictions, you edit the rule. To add restrictions, double click the rule for FF that you just created; this will bring up the properties for the rule. Select "Protocols and Ports". For normal HTTP/HTTPS connections, you would set the Protocol as "TCP", then add remote ports 80,443.
If you then wanted to add an endpoint restriction as to what IPs can be connected to (if for example this was actually a program that you only wanted to connect to its update site), then add the IPs to the "Remote IP address" list.

Adding rules for svchost: There are a number of concerns when adding rules for the services host (svchost). For example, when adding rules to allow Windows Updates, there is a need to allow open ended rules for remote ports 80/443. Attempting to make endpoint restrictions can be a problem due to the number of mirror sites used by MS, which can constantly change. In the firewall rules, you can add the actual service to the rule, which does add some restriction.

As we did for Firefox, you first create an application outbound rule for svchost. During its creation you will get a warning popup:- Don't worry, just finish the rule. Once done, double click the rule you created and bring up the rule properties. Select the "Programs and Services" tab, then select "Services - Settings". In the popup window, select "Apply to this service", then select "Windows Update", then OK. You can then go to the "Protocols and Ports" tab, and select protocol TCP and the remote ports.
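The same steps the guide walks through in the MMC (outbound set to Block, logging on, the Firefox rule with its port and endpoint restrictions, and the svchost rule scoped to the Windows Update service), issued as netsh advfirewall commands from an elevated PowerShell prompt. This is an added example, not part of the original guide; the Firefox path, the rule names and the 203.0.113.10 endpoint are assumptions or constructed values, and wuauserv is the service short name for Windows Update.

```powershell
# Added example: the guide's GUI procedure as netsh advfirewall commands.
# Run from an elevated prompt. Paths and rule names below are assumptions.
$ff  = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed install path
$svc = '%SystemRoot%\system32\svchost.exe'              # services host

# 1. Profile settings: inbound stays Block, outbound switched from the
#    default Allow to Block, and dropped packets logged for every profile.
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set publicprofile  firewallpolicy blockinbound,blockoutbound
netsh advfirewall set allprofiles logging droppedconnections enable

# 2. Application rule for Firefox, already tightened to TCP remote ports
#    80,443 (the "Protocols and Ports" step) and limited to two profiles.
netsh advfirewall firewall add rule name="Firefox HTTP/HTTPS" dir=out action=allow `
    "program=$ff" protocol=TCP remoteport=80,443 profile=private,public

#    Optional endpoint restriction ("Remote IP address" in the rule
#    properties). 203.0.113.10 is a constructed documentation address.
netsh advfirewall firewall set rule name="Firefox HTTP/HTTPS" new remoteip=203.0.113.10

# 3. svchost rule scoped to the Windows Update service (wuauserv) rather than
#    every service hosted by svchost.exe. As the guide notes, the remote
#    endpoints are left open ended; the service binding is the restriction.
netsh advfirewall firewall add rule name="Windows Update (wuauserv)" dir=out action=allow `
    "program=$svc" service=wuauserv protocol=TCP remoteport=80,443

# 4. Verify what is in force, as "Monitoring - Firewall" does in the MMC:
#    current profile settings, then the active rule set.
netsh advfirewall show currentprofile
netsh advfirewall monitor show firewall
netsh advfirewall firewall show rule name="Windows Update (wuauserv)" verbose
```

Rules created this way appear in the "main firewall UI" like any other, so they can still be edited or disabled there afterwards.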