SP2 Windows Firewall (ICF)

[Jake]

Has anybody had a chance to beta the SP2 Windows
Firewall? I need to find out if you can add exceptions
for *any* traffic or just for TCP/UDP. I know you can
specify excepted traffic by application in SP2, instead
of just by port like in SP1, but I can't tell from the
articles if specifying by application will work for non-
TCP, non-UDP applications. My current need is to except
all ESP traffic.

Ideally, Microsoft would be able to statefully filter ESP
just like TCP and UDP, so you wouldn't need to add an
exception. But that's not the case, at least with SP1
ICF.

Does anyone have more information?

Thanks,
Jake

 

[Carey Frisch [MVP]]

"Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2"

Windows XP Service Pack 2 provides Windows Firewall, an enhanced firewall that is
enabled by default. This white paper describes the methods used to deploy Windows Firewall
settings in a managed environment:
http://www.microsoft.com/downloads/...e1-61fa-447a-bdcd-499f73a637d1&DisplayLang=en

Windows XP Service Pack 2 Resources for IT Professionals
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

----------------------------------------------------------------------------------


| Has anybody had a chance to beta the SP2 Windows
| Firewall? I need to find out if you can add exceptions
| for *any* traffic or just for TCP/UDP. I know you can
| specify excepted traffic by application in SP2, instead
| of just by port like in SP1, but I can't tell from the
| articles if specifying by application will work for non-
| TCP, non-UDP applications. My current need is to except
| all ESP traffic.
|
| Ideally, Microsoft would be able to statefully filter ESP
| just like TCP and UDP, so you wouldn't need to add an
| exception. But that's not the case, at least with SP1
| ICF.
|
| Does anyone have more information?
|
| Thanks,
| Jake

 

[Guest]

Carey, thank you, but your links do not answer my
question. I've read all the articles, and nothing
explicitly states whether the "exception by application"
capability works with non-TCP, non-UDP applications such
as an IPSec VPN client, which uses ESP.

Does anybody have first-hand experience with SP2 Windows
Firewall?

Thanks,
Jake

 

[Carey Frisch [MVP]]

Please repost your question in one of the SP2 beta newsgroups:

Welcome to Windows XP SP2 Technical Preview Newsgroups
http://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

---------------------------------------------------------------------------


| Carey, thank you, but your links do not answer my
| question. I've read all the articles, and nothing
| explicitly states whether the "exception by application"
| capability works with non-TCP, non-UDP applications such
| as an IPSec VPN client, which uses ESP.
|
| Does anybody have first-hand experience with SP2 Windows
| Firewall?
|
| Thanks,
| Jake
|

 

[la02]

Jake

You can make exceptions by right clicking on Network connection you want o
change, go to the properties of TCP/IP and choose the changes, exceptions
and allows you want.
Be careful!