Windows XP Firewall

This page contains information about the ICF firewall, which is built into Windows XP and may be turned on automatically if you have Service Pack 2 or later installed.

Introduction

The Windows XP operating system comes with a built-in one-way firewall called ICF (short for Internet Connection Firewall).

In Windows XP and Windows XP Service Pack 1, ICF is turned off by default. However, in Service Pack 2 and later, ICF is turned on by default.

Pros and cons

Like any firewall, ICF has both benefits and cautions for its users.

Pros:

Cons:

Activation

To enable the Windows XP ICF, open the Network Connections part of the Control Panel (Start -> Settings -> Control Panel -> Network Connections).

You may see several network connections listed in the Network Connections area. In this user's case, the available options include a dial-up connection, an Ethernet (LAN) connection, and another Ethernet (LAN) connection which is a virtual adapter for a campus VPN client.

In this case, the correct icon to choose is the non-VPN LAN connection, which is highlighted:

[Screenshot: LAN connection]

Right-click on the network connection and choose Properties.

In the new window which opens, select the Advanced tab:

[Screenshot: Properties window, Advanced tab]

To turn on ICF, place a check mark in the box. (If you later wish to turn off ICF, simply remove the check mark.)

If your computer hosts a web server, mail server, or other feature where other machines should be permitted access to your hard drive, additional server-specific options are available under Settings. However, most users do not host their own web and mail servers, and will not need to perform this additional configuration.

Additional information for VPN users

The ICF firewall is very simple to use with the CITES VPN server. It does not need special configuration in order to permit connections to the CITES VPN. After installing the VPN client, simply make your connection as usual.

However, even with the VPN, your computer will not be able to run its own web server, FTP server, or other service replying to requests from outside. First, the ICF firewall is preconfigured to block requests initiated from outside (although responses to requests made by your computer are allowed). Second, the CITES VPN server does not allow you to create permanent connections with a fixed IP address; your VPN connection will eventually time out even if you leave your computer connected and running. The combination of these two factors means that the VPN does not provide a workaround for the fact that the ICF blocks unsolicited inbound communications.
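The one-way behavior described above (replies to your own requests are allowed, unsolicited inbound requests are blocked unless a server option is enabled under Settings) can be illustrated with a small model. This is an added example, not Microsoft's code or ICF's actual implementation; the class names, the flow-table layout, and the documentation-range IP addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class OneWayFirewall:
    """Simplified model of a one-way host firewall (hypothetical, not ICF code)."""
    host_ip: str
    # Inbound services opened on purpose, like the server options under Settings.
    allowed_services: set = field(default_factory=set)  # {(proto, local_port)}
    # Flows this host started: (proto, local_port, remote_ip, remote_port)
    flows: set = field(default_factory=set)

    def outbound(self, pkt: Packet) -> str:
        # Outbound traffic is not filtered; it only records the flow.
        self.flows.add((pkt.proto, pkt.sport, pkt.dst, pkt.dport))
        return "ALLOW"

    def inbound(self, pkt: Packet) -> str:
        if (pkt.proto, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ALLOW"   # reply to a request this host made
        if (pkt.proto, pkt.dport) in self.allowed_services:
            return "ALLOW"   # service explicitly opened by the user
        return "DROP"        # unsolicited inbound request

def demo():
    # Constructed sample traffic using documentation-only addresses.
    fw = OneWayFirewall("192.0.2.10")
    web, stranger = "198.51.100.5", "203.0.113.77"
    results = []
    # 1. The host browses a web site: request goes out, reply comes back.
    fw.outbound(Packet("tcp", fw.host_ip, 49152, web, 80))
    results.append(fw.inbound(Packet("tcp", web, 80, fw.host_ip, 49152)))
    # 2. A different machine sends to the same local port: no matching flow.
    results.append(fw.inbound(Packet("tcp", stranger, 80, fw.host_ip, 49152)))
    # 3. An outside machine requests a web server on this host: blocked.
    results.append(fw.inbound(Packet("tcp", stranger, 40000, fw.host_ip, 80)))
    # 4. After the web server option is enabled, the same request passes.
    fw.allowed_services.add(("tcp", 80))
    results.append(fw.inbound(Packet("tcp", stranger, 40000, fw.host_ip, 80)))
    return results

if __name__ == "__main__":
    print(demo())
```

Case 2 shows why an outbound request does not open the local port to everyone: only the remote address and port that the host contacted match the recorded flow.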

More information

For more information on ICF, see Microsoft's Help feature on any Windows XP system. (The Help feature is located inside the Start menu.) Search for ICF and/or Firewall.