This video goes over publishing servers, a very important service in Forefront TMG. Scott will show you how being comfortable with application publishing allows for remote access to various services.

Our training applies to a beginner’s familiarity through advanced knowledge of network security to help you take advantage of all the features this security tool has to offer.

Learn more about our Forefront TMG 2010 training to see how this course can benefit your security needs.

Implementing Forefront TMG enables security tools that protect your network infrastructure from security threats by using antimalware inspection, intrusion prevention, HTTP/HTTPS inspection, and more. The concise, easy-to-use interface can have a positive impact on a company’s planning and productivity.

Microsoft Forefront TMG 2010 Training: Available Now

Our Forefront Threat Management Gateway 2010 training course guides you through the basic setup of Forefront TMG, leading into advanced tutorials that cover under-utilized features that can benefit the unique needs of a network.

Since Forefront TMG supports simple, timely threat management, learning its features through this course will enable you to adapt your firewall to address ever-changing demands of your network. For beginners, this course will help you develop skills for implementing your security, and for more advanced administrators this course will provide detailed tutorials for utilizing more configurations. No matter your level of experience, our TMG training will enhance your practical knowledge of internet security using Forefront TMG.

Instructor Scott Lowe emphasizes the entire process, from basic setup to advanced, real-world threat management scenarios. He shows you how to apply an in-depth handle of TMG’s features that will help you reduce time spent resolving security issues. Scott writes many articles for CNet’s TechRepublic, TechTarget, and TechGenix, and brings to the table 16 years of IT experience.

Don’t leave your network out to dry. Learn how Forefront TMG 2010 Training can help you optimize your security management.

In my new vSphere Troubleshooting course, I will show you how to create new firewall rules and how to view the packets that the firewall has denied. By viewing denied packets, you will be able to troubleshoot firewall rules or other communications in or out of the service console.

In this video I show you step by step how to configure the firewall service to perform verbose logging of denied packets then how to configure syslog to send that level of logging detail to the messages file.

For those of us who need a bit of extra control, I’ll go over each section of the Windows 7 Firewall configuration so you can fine-tune your protection. I won’t go over everything you can customize, but try to cover the most common things, in my experience, that may need to be configured.

Accessing Windows 7 Firewall

To open the Windows 7 Firewall, simply open your start menu and type “Firewall” into the search box. You should see “Windows Firewall with Advanced Security.” Go ahead and open that up and you’ll see something similar to the photo below.

Windows 7 Firewall Advanced Security Interface

Let’s take a look at the Windows 7 Firewall Interface. The first thing you’ll notice is that there is a lot going on. Don’t worry though, the interface is actually quite simple to use and makes things fairly simple to read, even if the interface is a bit different than what we’re used to.

On the left, you’ll see a menu system including Inbound and Outbound Rules, Connection Security rules, and a menu item for monitoring the firewall. In the center box, you’ll see what you will be working with. This is where you’ll see all of the current rules and settings, and where you can edit them.

On the right side, you’ll see an Actions menu. This menu will let you import and export policies, restore, diagnose, or repair (just in case,) along with a few special actions depending on the current menu we’re currently working in. You generally won’t need to use the action menu too much, unless you have policies already saved on your computer that you would like to import.

Getting Started with Advanced Security

The first thing we’ll want to do is make sure the firewall is turned on. On the main firewall page, you should see a section labeled “Overview.” In this section, you should see a Domain Profile, a Private Profile, and a Public Profile. For each of these profiles, choose if you would like to have the firewall on, or off.

To turn the firewall on, look under each profile. The first shield image you should see will be either red, or green, along with text to explain whether the firewall is turned on or off. If it’s off, click on the arrow below labeled “Windows Firewall Properties” and turn it on.

Exempting a Computer from Firewall

Let’s say you have a media server, or even just a computer that sometimes streams content to others in your network. You obviously trust your server, so you want to let it access the computer your on so you can send and receive media as needed without having to authenticate server side. We’ll need to set it up as a trusted computer. In Windows 7 Firewall, this is called an Authentication Exemption.

To set up an authentication exemption, go to “Connection and Security Rules” in the left hand menu. Next, click on “New Rule” in the Action menu. Here you will see the different types on security rules and exemptions you can create. There is also a short description of each to help you figure out if a machine on your network or outside of your network needs any special rules set. In this case, choose “Authentication Exemption” and then click next. Here you can add machines that are exempt from authenticating, click “Add” and you’ll be able to set the IP Address or IP Address range to exemplify. Click OK and then next again to get to the next step in the Wizard. The final step allows you to name the security rule. It’s a good idea to name the rule after the machine(s) you are setting the rule for so you can easily go back to it if needed.

Setting Inbound and Outbound Rules

So let’s say you just installed a new application that needs access to the Internet. You trust the application and want to give it full access to the Internet. The first thing you will need to figure out, is if it needs access to incoming traffic, outgoing traffic, or both. In this example, let’s assume that the application needs to both send, and receive data from the Internet. First, let’s set up an inbound rule to make sure that the application can pull data from the Internet. To set an inbound rule, click on the Inbound Rule menu item on the left side menu, and then click “New Rule…” in the Action menu.

Here, you can create a rule for programs, ports, predefined rules (the HomeGroup, for example,) and custom rules. In this example, we’ll create a program rule. You’ll see a choice for “All Programs” or a specific program path. Choosing All Programs is rarely recommended, so we’ll browse for the program instead. After you choose your program, you’ll be able to set the rule itself.

In most cases, “Allow the connection” will be the best choice, however, you can choose to only allow the connection if it is secure. You also get the choice to block the connection, which although it is the opposite of what we’re trying to do in this example, it is good to remember that we can also block specific applications from accessing sending and receiving. Choose “Allow the connection” and click next. Again, you will be prompted to choose which profiles the rules apply to, and be given the ability to name the rule. For outgoing traffic, the exact same process applies, except in the Outbound Rules section.

So Far, So Good!

Now that you’re able to set up exemptions for computers you trust, and allow or deny applications from sending or receiving data, you are well on your way to having complete control over your computer system.

In this article, I’ll go over the basics of setting up your Windows 7 Firewall to best suit your needs. I’ll go over everything from turning it on, to setting up profiles and allowing or blocking applications from accessing the network.

Enabling and Disabling the Windows 7 Firewall

If you have just recently installed Windows 7, you have probably already come across prompts to enable or disable the Windows 7 Firewall. If you need to enable or disable the firewall, you can simply revisit the setting in your Control Panel, here’s how:

1. Open the Control Panel
2. Click “System and Security”
3. Click “Windows Firewall”

On this page, you’ll see two sections, one on the left with a list of options starting with “Control Panel Home” and a larger section on the right containing information about the firewall’s status and state.

To enable or disable the firewall, look for and click on “Turn Windows Firewall On or Off” on the left side menu. You’ll be taken to a page where you can choose to turn your Windows firewall on or off, as well as some control over profiles, and notifications.

The first section is for your Home or Work profile. Here you can choose to turn your firewall on or off, as well as whether you would like to block incoming connections or be notified when Windows Firewall blocks a new program. Generally, it is a good idea to keep the firewall on with notifications, but without blocking all incoming connections.

The section below is for a much less predictable profile, Public. The public profile is meant for when you’re on a network that you may or may not trust, at a coffee shop for example. The settings remain the same, but you may wish to block incoming connections whenever on a public network, just in case. Whatever you choose to do, it usually is a bad idea to go without a firewall using the public profile.

Allowing and Disallowing a Program to Communicate through Windows 7 Firewall

Back on the Windows Firewall section of your Control Panel, click on “Allow a Program of Feature through the Windows Firewall” to start setting up rules for specific programs and features. This is much like the Inbound and Outbound Rules section of the Advanced Firewall Settings page, but with a more simplified approach.

On this page, you will be given a list of all programs and features that have rules set within the firewall. If the program is not listed, it can be added using the “Allow another program…” button on the bottom right side of the page. If you are unsure about what a certain feature does, you can double click on it to bring up a short description of the feature.

On the right side of the program or feature are two check boxes. Simply check the box for each profile you would like to allow the program to run with. The left box is for Private profiles like Work or Home, and the right box is for the Public profile.

Keeping You Windows 7 PC Safe

Remember, allowing a program to communicate through a firewall is like opening a door to the network and Internet. Anything can come in, and anything can go out. Be sure you trust the application and its source before unblocking any application. Never allow a program that you don’t recognize to communicate through the firewall.

As an added security measure, revisit the Windows 7 firewall often and block applications (or ports) that no longer need to be opened.

Using a firewall is always a good idea. The Windows 7 firewall is a great security measure on any Windows 7 PC, but it isn’t the only option. Some Anti-Virus suites for example, offer their own firewall as well. Being safe doesn’t require you to use a certain firewall, and no solution is perfect for everyone. Whichever you choose, be sure to always have at least one firewall running at all times.

Advanced Security with Windows 7 Firewall

That’s about it for this article, but be sure to check out my next article on the Advanced Settings available in Windows 7 Firewall. You will learn how to create specific inbound and outbound rules for applications, as well as how to give a separate computer or server that you trust, full access to your machine without having to authenticate so you can allow applications and information to stream freely between them. Stay safe!

Understanding what a firewall is, how it functions and how it can be used to your advantage is a good start to building a security policy. There’s some basic terminology that you’ll need to familiarize yourself with first, terms such as gateway, proxy server, screening routers and more. Familiarizing yourself with different firewall designs and how they function is the next step.

This brings us to best practices for creating a security policy that fits your needs and learning how to continue to monitor and improve it as time passes.

Here are some resources to get you started on creating your own security policy, configuring a firewall and gaining a better understanding of it all:

• how to design the best security topology for your firewall
• how to define a security policy
• building and implementing a successful information security policy