A firewall profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to the computer depending on where the computer is connected. On computers running this version of Windows, there are three profiles for Windows Firewall with Advanced Security:

ProfileDescription

Domain

Applied to a network adapter when it is connected to a network on which it can detect a domain controller of the domain to which the computer is joined.

Private

Applied to a network adapter when it is connected to a network that is identified by the administrator as a private network. A private network is one that is not connected directly to the Internet, but is behind some kind of security device, such as a network address translation (NAT) router or hardware firewall. The private profile settings should be more restrictive than the domain profile settings.

Public

Applied to a network adapter when it is connected to a public network such as those available in airports and coffee shops. A public network is one that has no security devices between the computer and the Internet. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be controlled.

Each network adapter is assigned the firewall profile that matches the detected network type. For example, if a network adapter is connected to a public network, then all traffic going to or from that network is filtered by the firewall rules associated with the public profile.

Important

Windows Server 2008 R2 and Windows 7 provide support for multiple active per-network adapter profiles. In Windows Vista and Windows Server 2008, only one profile can be active on the computer at a time. If there are multiple network adapters connected to different networks, then the profile with the most restrictive profile settings is applied to all adapters on the computer. The public profile is considered to be the most restrictive, followed by the private profile; the domain profile is considered to be the least restrictive.

If you do not alter the settings for a profile, then its default values are applied whenever Windows Firewall with Advanced Security uses the profile. We recommend that you enable Windows Firewall with Advanced Security for all three profiles.

To configure these profiles, in the Windows Firewall with Advanced Security MMC snap-in, right-click Windows Firewall with Advanced Security, and then click Properties. You can also access the properties from the Action menu, the Action pane, or the center pane, when Windows Firewall with Advanced Security is highlighted.

Additional references


Table Of Contents