Firewall Rules

There are a number of event sources that require the Windows firewall to be modified on the Collector. One example is Cisco ASA.

The Windows Firewall with Advanced Security is a host-based firewall that runs on Windows Server 2012 and is turned on by default. Firewall settings within Windows Server 2012 are managed from within the Windows Firewall Microsoft Management Console (MMC).

The following instructions are for Windows Server 2012; however, the steps are similar for most Windows Server versions.

Review Firewall Settings

To review and set the firewall settings:

  1. Open the Server Manager from the Task bar.
  2. Click the Tools menu and select Windows Firewall with Advanced Security.
  3. Review the current configuration settings by selecting Windows Firewall Properties from the MMC landing page. This allows you to modify the settings for each of the three firewall profiles (Domain, Private, and Public), as well as the IPsec settings.

Modify Rules

Custom rules allow the finest level of control over inbound and outbound traffic on your Windows Server 2012 system.

To modify firewall rules:

  1. If you have not done so already, load the Windows Firewall MMC by opening the Server Manager from the Task bar, clicking the Tools menu, and selecting Windows Firewall with Advanced Security.
  2. From the left side of the management console, select either Inbound Rules or Outbound Rules under Windows Firewall with Advanced Security.
    • Note: This shows a list of the currently configured firewall rules. Rules that are currently enabled are denoted by a green check mark, while disabled rules are denoted by a grey check mark. Right-click a rule to enable or disable it.
  3. Click New Rule from the right side of either the "Inbound Rules" or "Outbound Rules" tab.
  4. Select the Custom radio button under Rule Type.
  5. Click the Next button.
  6. Select the program association for the custom firewall rule: either "All programs" or "This program path" for a specific program.
  7. Click the Next button.
  8. Select the protocol type from the "Protocol type" dropdown list.
  9. Click the Next button.
  10. Select an IP address association for both local and remote addresses.
  11. Click the Next button.
  12. Select an action to take on matching traffic.
  13. Click the Next button.
  14. Select the profiles associated with the custom rule.
  15. Click the Next button.
  16. Enter a name for the firewall rule in the "Name" field.
  17. Optionally, enter a description in the "Description" field.
  18. Click the Finish button.
  19. Once the rule is created, it will be enabled. The firewall rule can be found on the corresponding "Rule" tab, either inbound or outbound depending on the type created.
  20. To disable or delete the rule, find the rule in the MMC, right-click it, and select either Disable Rule or Delete.
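
The same custom inbound rule can be created from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the original instructions; the rule name, UDP port 514 and source address 192.0.2.10 are assumed placeholder values to replace with those of your event source.

```powershell
# Assumed values (not from the instructions above); adjust for your event source.
$RuleName  = 'Collector - inbound syslog (example)'
$SourceIp  = '192.0.2.10'   # constructed address of the sending device
$Protocol  = 'UDP'          # assumed protocol
$LocalPort = 514            # assumed listening port on the Collector
$Profiles  = 'Domain'       # apply the rule only to the profile the Collector uses

Import-Module NetSecurity

# Review step: state and default actions of the Domain, Private and Public profiles.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# Remove an earlier rule with the same name so reruns do not create duplicates.
if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
    Remove-NetFirewallRule -DisplayName $RuleName
}

# Wizard steps: protocol and port, remote address, action, profile, name, description.
# Scoping RemoteAddress to the sending device keeps the port closed to other hosts.
New-NetFirewallRule -DisplayName $RuleName `
    -Description 'Allow the event source to send logs to the Collector (example rule)' `
    -Direction Inbound `
    -Protocol $Protocol `
    -LocalPort $LocalPort `
    -RemoteAddress $SourceIp `
    -Action Allow `
    -Profile $Profiles `
    -Enabled True | Out-Null

# Verify what was stored, including the port and address filters of the rule.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Name          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Profile       = $rule.Profile
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort
    RemoteAddress = $addr.RemoteAddress
}

# To undo: Disable-NetFirewallRule -DisplayName $RuleName
#      or: Remove-NetFirewallRule  -DisplayName $RuleName
```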