Cài cài firewall window server 2022

Chuyển đến nội dung chính

Trình duyệt này không còn được hỗ trợ nữa.

Hãy nâng cấp lên Microsoft Edge để tận dụng các tính năng mới nhất, bản cập nhật bảo mật và hỗ trợ kỹ thuật.

Windows Defender Firewall with Advanced Security

• Bài viết
• 08/11/2022
• 2 phút để đọc
• Áp dụng cho:✅ Windows 10, ✅ Windows 11, ✅ Windows Server 2016, ✅ Windows Server 2019, ✅ Windows Server 2022

Trong bài viết này

This topic is an overview of the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.

Overview of Windows Defender Firewall with Advanced Security

Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that can't be authenticated as a trusted device can't communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user.

The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it doesn't provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.

Feature description

Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy.

Practical applications

To help address your organizational network security challenges, Windows Defender Firewall offers the following benefits:

• Reduces the risk of network security threats.  Windows Defender Firewall reduces the attack surface of a device, providing an extra layer to the defense-in-depth model. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack.

• Safeguards sensitive data and intellectual property.  With its integration with IPsec, Windows Defender Firewall provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data.

• Extends the value of existing investments.  Because Windows Defender Firewall is a host-based firewall that is included with the operating system, there's no other hardware or software required. Windows Defender Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API).

Chuyển đến nội dung chính

Trình duyệt này không còn được hỗ trợ nữa.

Hãy nâng cấp lên Microsoft Edge để tận dụng các tính năng mới nhất, bản cập nhật bảo mật và hỗ trợ kỹ thuật.

Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior

• Bài viết
• 08/11/2022
• 2 phút để đọc
• Áp dụng cho:✅ Windows 10, ✅ Windows 11, ✅ Windows Server 2016, ✅ Windows Server 2019, ✅ Windows Server 2022

Trong bài viết này

To enable Windows Defender Firewall with Advanced Security and configure its default behavior, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console.

Administrative credentials

To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.

To enable Windows Defender Firewall and configure the default behavior

1. Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security.

2. In the details pane, in the Overview section, click Windows Defender Firewall Properties.

3. For each network location type (Domain, Private, Public), perform the following steps.

   Note:  The steps shown here indicate the recommended values for a typical deployment. Use the settings that are appropriate for your firewall design.

   1. Click the tab that corresponds to the network location type.

   2. Change Firewall state to On (recommended).

   3. Change Inbound connections to Block (default).

   4. Change Outbound connections to Allow (default).