Security

Configure the Windows XP firewall after Service Pack 2

After installing Windows XP Service Pack 2, you will notice several changes to the XP firewall. Depending on your system, you may need to tweak the firewall's configuration.

If you have an explanation or quick fix that would make a good SolutionBase article, we invite you to submit your solution using this form.

Problem

While the Microsoft Windows XP firewall has always been part of the operating system, the default configuration was always set to "off." With the release of Service Pack 2 (SP2), that default behavior has changed to "on."

The general purpose of SP2 is to increase the security of the OS by closing security holes, fixing bugs, and implementing better security protocols like actually turning on the firewall. Of course, the activation of the firewall with new default settings will cause some systems to stop working properly after installing SP2. Solving this problem will require some changes to the standard configuration.

Solution

If you found it necessary to tweak the XP firewall settings before SP2, take note that Microsoft has made a few changes to the firewall interface. To get to the firewall configurations, you first need to navigate to Network Connections in the Control Panel. Once there, you should see a list of connections. Right-click the Local Area Connection and click on Properties in the ensuing dropdown box. Click the Advanced tab on the properties dialog box to get to the firewall interface shown in Figure A.

Figure A

Connection Properties

Notice that the installation of SP2 has changed this dialog box just a bit. There's no longer a check box for turning on/off the firewall on this page—it's on by default. To get to the real heart of the configuration, click the Settings button on this screen to reach the dialog shown in Figure B.

Figure B

Firewall On/Off

This is the new dialog box installed with SP2. As you can see, you have the option to turn off the firewall or to actually strengthen the configuration by disallowing exceptions to the firewall protection. Blocking exceptions when you connect to public networks, such as those found at airports or coffee shops, will give you that extra bit of protection. Clicking the Exceptions tab will take you to a dialog similar to the one shown in Figure C.

Figure C

Exceptions

Settings on the exception tab allow you to specify programs and services that you want designated as exceptions to the current firewall settings. You can also change which ports are open and closed from this tab. All of these configuration settings require a certain amount of advanced expertise and should not be changed without specific knowledge of the consequences.

The last tab on the firewall configuration interface is Advanced (see Figure D). This is where you can set exceptions for each connection you may have enabled on your system.

Figure D

Advanced

In addition, the Advanced tab is where you can adjust security logging when troubleshooting and configure the Internet Control Message Protocol (ICMP), which allows for the sharing of status information across the network. As with the Exceptions settings, changing these configurations requires a fairly significant level of expertise and should be approached with proper caution.

Better than nothing

Even after installing XP Service Pack 2, the Windows firewall will never be confused with the more powerful firewalls available from third parties, but it's better than no firewall at all. No matter what firewall you're currently running, after installing SP2, you'll likely have to make some adjustments to the new default configuration.

Next Steps: Build your skills with these hand-picked resources
> Windows XP Service Pack 2 Resources
> Step-By-Step: Configure the Internet Connection Firewall to allow Remote Desktop
> Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2
> MKBA - 843090: Description of the Windows Firewall feature in Windows XP Service Pack 2
> Microsoft Security Developer Center: Windows Firewall

About

Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.

Editor's Picks