The upgrade to Windows XP Service Pack 2 installs a firewall and turns it on by default. Many users
need to do no further configuration of this firewall. This document is provided
for those who do need to make changes, and for those who are curious about what
can be done with this firewall.
- The configuration menus for the Windows XP SP2 firewall can be started from
the Control Panel.

- The main dialog box (the General tab) is the only one that
most users will ever need to see. Click the corresponding button
to turn the firewall either on or off.

- A very important setting can be enabled on the main panel. If you choose
to allow any exceptions for your firewall, you can temporarily (and quickly)
disable them if you take your computer into an insecure area. Just check Don't
allow exceptions. Then when you return your computer to a secure location
you can un-check that option to allow your exceptions again. This is very handy
on laptops.

- The Exceptions tab lists applications in the main window.
A check in the box by the name indicates that the entry is enabled as an
exception to blocking by the firewall.
Four operations can be chosen by selecting one of the buttons across the lower portion of the tab.

- To add a program to the list choose Add Program.

- You may change the scope of the program here. This means that you can
specify individual computers which may be allowed to send data to the particular
application.

- Another operation is to Add a Port. This allows data that
is addressed to a specific port on your computer to be accepted. A program is
typically waiting for data to appear on that port. The Name is
simply whatever you choose to call that exception. This is what gets displayed
in the main list. You also specify whether the port uses the UDP or TCP protocol.
As with Add Program, you can set a scope for the exception.

- Highlight a list entry, then select Edit. The dialog box
that is displayed will have information about the entry in the top portion of
the box. Allowable operations will be accessible via the dialog box. What is
allowed will vary depending on the item itself. For many entries scope is all
that can be edited.

- The last item is Delete.
An item can be temporarily removed from exceptions by simply unchecking the box beside it.
To permanently remove the item from the list, highlight the entry and select Delete.
You will get a dire warning before you are allowed to proceed with the deletion. If you do not know whether it is safe to make the deletion, just disable it by unchecking the box, and leave it on the list.
- The third tab on the main dialog panel is Advanced. It shows
four options. The top option is Network Connection Settings.

- The Settings button leads to a panel with two more tabs. One is Services.
These pertain to server applications that use such protocols as SMTP, POP, FTP,
etc. This section does not apply to client programs which use these protocols.
The average computer does not run any application which needs the server-side
protocol enabled.

- The other tab is for ICMP. One service is listed that is
of special interest: Allow incoming echo request. This allows your machine to
answer a ping. This is very useful when troubleshooting your
network connection, as it allows your computer to be detected by a consultant
at the Help Desk, for example.

- The next option on the Advanced tab is Security Logging
Settings. Unless you are skilled in interpreting these log entries,
you are better off not even accumulating them. Most are perfectly innocuous,
and reflect normal packet traffic on a subnet.

- The third option on the Advanced tab is ICMP Settings. That
should sound familiar ... it is the same as the one under Network
Connection Settings. Go figure.

- The last Advanced option will restore the defaults ... so if you are afraid that you have completely confused your machine's firewall, you can start over safely.
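
For readers who do turn on Security Logging, the following added example (not part of the original document) reads a firewall log and separates routine subnet broadcast drops from sources whose dropped packets hit several different ports. The sample log is constructed, and the noise port list and the `min_ports` threshold are assumptions made for the illustration.

```python
# Constructed sample in the space-separated, "#Fields"-headed layout of the
# Windows Firewall log; addresses are private/documentation ranges only.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-04-11 08:05:57 DROP UDP 192.168.1.20 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2005-04-11 08:06:02 DROP UDP 192.168.1.21 192.168.1.255 138 138 229 - - - - - - - RECEIVE
2005-04-11 08:07:10 DROP TCP 203.0.113.9 192.168.1.5 4312 135 48 S 1234 0 64240 - - - RECEIVE
2005-04-11 08:07:11 DROP TCP 203.0.113.9 192.168.1.5 4313 139 48 S 1235 0 64240 - - - RECEIVE
2005-04-11 08:07:12 DROP TCP 203.0.113.9 192.168.1.5 4314 445 48 S 1236 0 64240 - - - RECEIVE
2005-04-11 08:09:30 OPEN TCP 192.168.1.5 198.51.100.7 1045 80 - - - - - - - - SEND
"""

# Assumption: NetBIOS name/datagram broadcasts are treated as normal subnet chatter.
BROADCAST_NOISE = {"137", "138"}

def parse(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def triage(text, min_ports=3):
    """Return (noise_count, {src_ip: [ports]}) for DROP entries in the log."""
    noise = 0
    ports_by_src = {}
    for entry in parse(text):
        if entry.get("action") != "DROP":
            continue  # OPEN/CLOSE entries record allowed connections
        port = entry.get("dst-port", "-")
        if entry.get("protocol") == "UDP" and port in BROADCAST_NOISE:
            noise += 1
        elif port.isdigit():  # ICMP entries carry "-" instead of a port
            ports_by_src.setdefault(entry["src-ip"], set()).add(port)
    flagged = {src: sorted(p, key=int)
               for src, p in ports_by_src.items() if len(p) >= min_ports}
    return noise, flagged

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Because the field names are taken from the `#Fields` line rather than hard-coded, the parser keeps working if the log carries a different column set.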
