Configuring Windows Firewall
In this practice, you configure both inbound and outbound filtering. These are common
tasks that occur when you install new applications in almost any network environment, from
small businesses to large enterprises.
Exercise 1 Configure Inbound Filtering
In this exercise, you will install the Telnet Server feature, which configures Windows Server
2008 to accept incoming connections on TCP port 23. Then, you will examine the incoming
firewall rule that applies to the Telnet Server and adjust the rule configuration.
1. In the console tree of Server Manager, select Features. In the details pane, click Add
Features. The Add Features Wizard appears.
2. On the Select Features page, select the Telnet Server check box. Click Next.
3. On the Confirm Installation Selections page, click Install.
4. On the Installation Results page, click Close.
5. In Server Manager, select Configuration\Services. Then, in the details pane, right-click the
Telnet service and choose Properties. From the Startup Type drop-down list, select Manual.
Click the Apply button. Then, click the Start button to start the Telnet Server. Click OK.
6. On a client computer, open a command prompt and run the following command (where
ip_address is the Telnet Server’s IP address):
telnet ip_address
The Telnet server should prompt you for a user name. This proves that the client was able to
establish a TCP connection to port 23.
7. Press Ctrl+] to exit the Telnet session. Type quit and press Enter to close Telnet.
8. On the Telnet Server, in Server Manager, select Configuration\Windows Firewall With
Advanced Security\Inbound Rules. In the details pane, right-click the Telnet Server rule, and
then choose Properties.
9. Click the Programs And Services tab. Notice that the default rule is configured to allow
communications for %SystemRoot%\system32\TlntSvr.exe, which is the executable file for
the Telnet Server service. Click the Settings button and verify that Telnet is selected. Click
Cancel twice.
10. In Server Manager, right-click the Telnet Server rule, and then choose Disable Rule.
11. On the Telnet client computer, run the same Telnet command again. This time the
command should fail because Windows Firewall is no longer allowing incoming Telnet
requests.
12. Use Server Manager to remove the Telnet Server feature and restart the computer if
necessary.
Exercise 2 Configure Outbound Filtering
In this exercise, you configure Windows Server 2008 to block outbound requests by default.
Then, you test it by attempting to visit a Web site with Internet Explorer. Next, you will
create an outbound rule to allow requests from Internet Explorer and verify that the
outbound rule works correctly. Finally, you will return your computer to its original state.
1. Open Internet Explorer and visit http://www.microsoft.com. If an Internet Explorer
Enhanced Security Configuration dialog box appears, you can click Close to dismiss it.
2. In Server Manager, right-click Configuration\Windows Firewall With Advanced Security,
and then choose Properties.
3. Click the Domain Profile tab. From the Outbound Connections drop-down list, select
Block. Repeat this step for the Private Profile and Public Profile tabs.
4. Click OK.
5. Open Internet Explorer and attempt to visit http://support.microsoft.com.
6. You should be unable to visit the Web site because outbound filtering is blocking Internet
Explorer’s outgoing HTTP queries.
7. In Server Manager, below Configuration\Windows Firewall With Advanced Security,
right-click Outbound Rules, and then choose New Rule.
The New Outbound Rule Wizard appears.
8. On the Rule Type page, select Program. Then, click Next.
9. On the Program page, select This Program Path. In the box, type
%ProgramFiles%\Internet Explorer\iexplore.exe (the path to the Internet Explorer
executable file). Click Next.
10. On the Action page, select Allow The Connection. Then, click Next.
11. On the Profile page, accept the default selection of applying the rule to all three profiles.
Click Next.
12. On the Name page, type Allow Internet Explorer outgoing communications. Then, click
Finish.
13. Now, in Internet Explorer, attempt to visit http://support.microsoft.com again. This time
the connection succeeds because you created an outbound filter specifically for Internet
Explorer.
14. In Server Manager, disable outbound filtering by right-clicking Configuration\Windows
Firewall With Advanced Security, and then choosing Properties. In the Domain Profile tab,
click the Outbound Connections list, and then click Allow (Default). Repeat this step for the
Private Profile and Public Profile tabs. Click OK.
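
The same outbound-filtering exercise can be driven from the command line with netsh advfirewall. The script below is an added example, not part of the original exercise; it also shows that the allow rule is scoped to the program path, because the connection test runs from powershell.exe and stays blocked. It assumes an elevated PowerShell 2.0 or later session and that the inbound default is still Block; the Test-OutboundHttp helper is a hypothetical name introduced here.

```powershell
# Added example (not from the original text). Run from an elevated PowerShell 2.0+ session.
# Assumption: the inbound default is still Block on every profile, because netsh
# sets the inbound and outbound defaults together in one firewallpolicy value.
$ruleName = 'Allow Internet Explorer outgoing communications'   # name from step 12
# Expand the variable up front so the rule stores a concrete path (path from step 9).
$iePath = [Environment]::ExpandEnvironmentVariables('%ProgramFiles%\Internet Explorer\iexplore.exe')

function Test-OutboundHttp([string]$TargetHost) {
    # Hypothetical helper: tries a TCP connection to port 80 from this process
    # (powershell.exe, not iexplore.exe) and reports whether it succeeded.
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect($TargetHost, 80); return $true }
    catch { return $false }
    finally { $client.Close() }
}

try {
    # Steps 2-4: block outbound connections by default on all three profiles.
    # The value is quoted so PowerShell does not split it at the comma.
    netsh advfirewall set allprofiles firewallpolicy 'blockinbound,blockoutbound'
    netsh advfirewall show allprofiles firewallpolicy

    # Steps 5-6: with no matching allow rule, the outbound request is refused.
    "Outbound HTTP while blocked: $(Test-OutboundHttp 'support.microsoft.com')"

    # Steps 7-12: allow Internet Explorer by program path on all profiles.
    netsh advfirewall firewall add rule name="$ruleName" dir=out action=allow program="$iePath" profile=any
    netsh advfirewall firewall show rule name="$ruleName" verbose

    # The rule matches iexplore.exe only, so the same test from powershell.exe
    # is still blocked; Internet Explorer itself can now connect (step 13).
    "Outbound HTTP from PowerShell after the rule: $(Test-OutboundHttp 'support.microsoft.com')"
}
finally {
    # Step 14: return the outbound default to Allow even if a command above failed.
    netsh advfirewall set allprofiles firewallpolicy 'blockinbound,allowoutbound'
}
```

As in step 14 of the exercise, the outbound rule itself is left in place; only the default outbound action is restored.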