For inbound rules, use these settings to specify which computers or computer groups can connect to the local computer. For outbound rules, use these settings to specify the computers or computer groups to which this computer can connect.

Important

To use these options, the firewall rule action must be set to Allow the connection if it is secure. To be considered secure, the network traffic must be protected by a connection security rule that requires authentication by using a method that includes computer identification information, such as Kerberos version 5, NTLMv2, or a certificate with certificate-to-account mapping enabled.

To get to this wizard page
  1. From the Windows Firewall with Advanced Security MMC snap-in, right-click Inbound Rules or Outbound Rules, and then click New rule.

  2. Click Next through the wizard until you reach the Action page.

  3. On the Action page, select Allow the connection if it is secure.

  4. Click Next through the wizard until you reach the Computers page.

Authorized computers

Use this section to identify the computer or group accounts that are allowed to make the connection specified by the rule.

Only allow connections from/to these computers

  • For inbound rules, select Only allow connections from these computers to specify which computers can connect to this computer. Network traffic that is not authenticated as coming from a computer on this list is blocked by Windows Firewall.

  • For outbound rules, select Only allow connections to these computers to specify the computers to which this computer is allowed to connect. Outbound network traffic sent to computers that cannot be authenticated as a computer on the list is blocked by Windows Firewall.

If you select the check box, then Add is enabled. Click Add, and then specify the computer or group accounts in the Select Users, Computers and Groups dialog box. To remove a computer or group from the list, select the computer or group, and then click Remove.

Exceptions

Use this section to identify computer or group accounts that might be listed in Authorized computers, possibly because the computer or group account is a member of a group, but whose network traffic must be blocked by Windows Firewall. For example, Computer A is a member of Group B. Group B is included in Authorized computers, so network traffic authenticated as coming from a computer in the group is allowed. By placing Computer A in the Exceptions list, network traffic authenticated as coming from Computer A is not processed by this rule, and so is blocked by the default firewall behavior unless some other rule allows the traffic.

Skip this rule for connections from/to these computers

  • For inbound rules, select Skip this rule for connections from these computers to specify which remote computers are exceptions to this rule.

  • For outbound rules, select Skip this rule for connections to these computers to specify the remote computers that are exceptions to this rule.

If you select the check box, then Add is enabled. Click Add, and then specify the computer or group accounts in the Select Users, Computers and Groups dialog box. To remove a computer or group from the list, select the computer or group, and then click Remove.
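
The Authorized computers and Exceptions lists can also be set from PowerShell, where both are carried in a single SDDL string passed to the -RemoteMachine parameter of New-NetFirewallRule. The following is an added example, not part of the original page. It assumes a domain-joined computer; the account names, rule name and port are constructed placeholders, and expressing the Exceptions list as deny ACEs ahead of the allow ACEs is an assumption about how the two lists map to SDDL.

```powershell
# Added example. Account names, rule name and port are constructed placeholders.
$authorized = @('CONTOSO\Group B')       # "Authorized computers" list
$exceptions = @('CONTOSO\COMPUTERA$')    # "Exceptions" list (a computer account)
$ruleName   = 'Example - authenticated inbound TCP 8443'

function ConvertTo-Sid([string]$Account) {
    # Resolve an account name to its SID string; throws if the name cannot be resolved.
    $nt = New-Object System.Security.Principal.NTAccount($Account)
    $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function New-ComputerSddl([string[]]$Allow, [string[]]$Deny) {
    # An empty allow list would leave the rule with no authorized computers at all.
    if (-not $Allow) { throw 'At least one authorized computer or group is required.' }

    # Deny ACEs (exceptions) are placed before allow ACEs (authorized computers),
    # so a computer that is a member of an allowed group can still be excluded.
    $aces  = @($Deny  | Where-Object { $_ } | ForEach-Object { "(D;;CC;;;$(ConvertTo-Sid $_))" })
    $aces += @($Allow | ForEach-Object { "(A;;CC;;;$(ConvertTo-Sid $_))" })
    $sddl  = 'O:LSD:' + ($aces -join '')

    # Parse the string before handing it to the firewall; a malformed SDDL throws here.
    [void](New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl))
    $sddl
}

$sddl = New-ComputerSddl -Allow $authorized -Deny $exceptions

# -Authentication Required corresponds to "Allow the connection if it is secure".
# A connection security rule that authenticates the computer must already exist,
# otherwise no traffic can satisfy this rule.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound -Protocol TCP -LocalPort 8443 `
    -Action Allow -Authentication Required -RemoteMachine $sddl

# Review what was stored on the rule.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallSecurityFilter |
    Select-Object Authentication, RemoteMachine
```

Run the script from an elevated PowerShell session. For an outbound rule, change -Direction to Outbound and use -RemotePort in place of -LocalPort.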

How to change these settings

After you create the firewall rule, you can change these settings in the Firewall Rule Properties dialog box. This dialog box appears when you double-click a rule in either Inbound Rules or Outbound Rules. To change these settings, select the Computers tab.
