Windows Firewall Documentation
There is a lot of confusion around the Windows Firewall and its settings in Windows Server 2008 R2 and Windows 7. This may be due to the history of Windows Firewall, which is not so impressive. Actually, if you were to ask any Windows network or desktop administrator if they would use the Windows Firewall for Windows 2000, XP, or 2003, they would most likely give you a resounding "NO". However, Microsoft put a lot of effort and money into the new Windows Firewall for Windows Server 2008, Windows Server 2008 R2, and Windows 7, making it a viable and even default configuration to help endpoint security on your networks. The big question is how you can leverage what is there by default and add to the security settings in an efficient manner.
The New Windows Firewall Environment
In order to see the new Windows Firewall environment, you first need to find it. There is a bit of confusion in Windows Server 2008 on where to find the actual firewall settings, as well as where to configure them. Like nearly every operating system from Microsoft, most users will go to the Control Panel to find configuration settings. If you go to Control Panel for Windows Firewall, you will find it, but it might not give you what you are looking for. Figure 1 illustrates what you see when you click on the Windows Firewall applet for Windows Server 2008.
Figure 1: Windows Server 2008 Windows Firewall applet in Control Panel.
Notice in Figure 1 that there are very few options to choose from in order to get to the settings for the firewall. Before you start clicking around to find the existing firewall rules, let me tell you that you will be hard-pressed to find them from this interface.
For Windows Server 2008 you will need to go into the Server Manager in order to see the actual firewall rules and their configurations. In order to see the Windows Firewall rules using Server Manager, follow these steps:
- Click Start - Administrative Tools - Server Manager
- Within Server Manager, expand the Configuration node, then the Windows Firewall with Advanced Security node
- Click on the Inbound Rules node, which will bring up a listing of all of the inbound firewall rules for that computer, which is also shown in Figure 2.
Figure 2: Inbound firewall rules
For Windows Server 2008 R2 and Windows 7, Microsoft made some changes for accessing the Windows Firewall rules. You can still use Server Manager, but within the Windows Firewall applet through Control Panel you can now access the firewall rules. To access the Windows Firewall and the rules using Control Panel on your Windows Server 2008 R2 and Windows 7 computers, just click on the Advanced Settings menu option on the left side of the window, as shown in Figure 3.
Figure 3: Windows Server 2008 R2 and Windows 7 Windows Firewall
Documenting Windows Firewall Settings
I know, documentation makes you cringe, but trust me, this documentation is very easy! There are two reasons you might want to document the Windows Firewall settings from your servers and desktops. First, you might want to document for disaster recovery. If you were to lose a server completely, with no other form of backup except for documentation of the settings, then at least you have that. To document your Windows Firewall settings, perform the following steps:
- Access the Inbound Rules and Outbound Rules view (see Figure 2 for details)
- Right-click on the Inbound Rules node and then select the Export List option
- Right-click on the Outbound Rules node and then select the Export List option
(For steps 2 and 3, you can either create a tab or comma delimited file)
The second reason documenting firewall settings is so essential is that it gives you a quick reference for what is configured (or what was configured) on each server. Changes are often made (typically in error or unintentionally) that can alter a firewall setting, port configuration, application configuration, etc. After you make a setting change which might alter a firewall setting, a quick and easy way to rule out the firewall settings as the cause of an issue is to compare the documented settings to the current settings. Exporting the inbound and outbound firewall rules provides this level of documentation.
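The comparison described above can be scripted once you have two Export List files, one saved as the baseline and one taken now. The following is an added example, not part of the original article: it assumes tab-delimited exports whose column headings include Name and Profile, and the sample rows are constructed for illustration.

```python
import csv
import io

# Assumed column headings that identify a rule; adjust to match your export.
KEY_COLUMNS = ("Name", "Profile")

def load_export(text, delimiter="\t"):
    """Parse Export List text into {rule key: {column: value}}."""
    rules, seen = {}, {}
    for row in csv.DictReader(io.StringIO(text), delimiter=delimiter):
        # Skip the unnamed column left by a trailing delimiter; trim the rest.
        row = {k.strip(): (v or "").strip() for k, v in row.items() if k and k.strip()}
        base = tuple(row.get(c, "") for c in KEY_COLUMNS)
        seen[base] = seen.get(base, 0) + 1
        rules[base + (seen[base],)] = row  # index separates same-named rules
    return rules

def diff_exports(baseline, current):
    """Return (added, removed, changed) rule keys between two parsed exports."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for key in sorted(set(baseline) & set(current)):
        old, new = baseline[key], current[key]
        delta = {c: (old.get(c, ""), new.get(c, ""))
                 for c in sorted(set(old) | set(new)) if old.get(c, "") != new.get(c, "")}
        if delta:
            changed[key] = delta
    return added, removed, changed

def _tsv(rows):
    """Build tab-delimited text with a trailing tab on every line."""
    return "\n".join("\t".join(r) + "\t" for r in rows) + "\n"

# Constructed sample data, not taken from a real server.
HEADER = ["Name", "Group", "Profile", "Enabled", "Action", "Protocol", "Local Port"]
BASELINE = _tsv([HEADER,
    ["Remote Desktop (TCP-In)", "Remote Desktop", "All", "No", "Allow", "TCP", "3389"],
    ["Example App (constructed)", "", "Domain", "Yes", "Allow", "TCP", "8080"],
    ["Legacy Agent (constructed)", "", "All", "Yes", "Allow", "TCP", "9000"]])
CURRENT = _tsv([HEADER,
    ["Remote Desktop (TCP-In)", "Remote Desktop", "All", "Yes", "Allow", "TCP", "3389"],
    ["Example App (constructed)", "", "Domain", "Yes", "Allow", "TCP", "Any"],
    ["Temp Test Rule (constructed)", "", "All", "Yes", "Allow", "TCP", "5000"]])

if __name__ == "__main__":
    added, removed, changed = diff_exports(load_export(BASELINE), load_export(CURRENT))
    for key in added: print("ADDED  ", key)
    for key in removed: print("REMOVED", key)
    for key, delta in changed.items(): print("CHANGED", key, delta)
```

For comma-delimited exports, pass `delimiter=","` to `load_export`. A rule that flips from disabled to enabled, or whose port widens to Any, shows up under changed with the old and new values side by side.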
Comparing Existing Settings to Default Settings
In addition to documenting the existing settings, it is also important to know what the default, out-of-the-box firewall settings are. There are often times when a server is tweaked, applications added, settings altered, etc., which make changes "under the hood". In many of these cases the changes made one month will not appear as an issue until the next month or two. After so much time the changes that caused the issue are very hard to remember and track down (unless, of course, you are keeping the server change logs which you are supposedly keeping!).
An easy way to get the default firewall settings for Windows Server 2008 and Server 2008 R2 is from the Security Configuration Wizard (SCW). Within this wizard is the Security Configuration Database. This database includes all of the server "roles" for these platforms, which is an all-inclusive listing of services, ports, and firewall settings required for each role. For more information on the SCW and database, go here.
Ensuring that you have your Windows Firewall settings documented is critical. In many cases, documentation is difficult and time consuming, but that is not the case with firewall settings. It might be tricky with some Windows operating systems, but it should not be that bad. Windows Server 2008 R2 and Windows 7 make this much easier, and Windows Server 2008 just requires that you know where to go. Once you get there, it is easy to document. Using these methods and techniques will give you all you need to know about your firewall settings.