Setting Up a Firewall: Windows XP Service Pack 2 - Advanced
Last updated
August 14, 2009 10:34:45 AM PDT
Learn how to use advanced settings for the Microsoft Windows XP Service Pack 2 Firewall to create exceptions for specific services.
In the right place? See basic setup instructions for initial configuration of Microsoft Windows XP Service Pack 2 Firewall.
Note: Before starting, disable all firewalls on your machine, including the Windows XP Service Pack 2 Firewall. Don't use Remote Desktop Connection (RDC) or a similar program to install firewall software. Directly connect to your Windows machine, install the firewall, configure it to allow connections to and from RDC, and then reconnect RDC. Otherwise, the firewall blocks the remote connection, and you can't access your machine.
- When the firewall detects the launch of an application requesting services from outside the computer, it automatically blocks it and asks you what to do. Select Keep Blocking, Unblock, or Ask Me Later.
- The firewall adds unblocked applications to the "Programs and Services" list under the "Exceptions" tab.
- To make exceptions, click the Exceptions tab in the "Windows Firewall" window.
- Select the appropriate check boxes to let services through the firewall. Each service has at least 1 port assigned to it. Since open ports decrease firewall effectiveness, only select check boxes for services you need.

- Click the Add Port... button to open an unlisted port.

- Enter the name of the port in the "Name" field.
- Enter the port number associated with the service in the "Port number" field.
- Select the TCP or UDP button. This example demonstrates how to open the "TCP" port "5190" for AOL Instant Messenger (this step isn't necessary for most AOL Instant Messenger communications).
- Click OK to save your changes.

- To add an unlisted application, click the Add Program... button.

- Enter the name of the port in the "Name" field.
- Enter the port number associated with the service in the "Port number" field.
- Select the TCP or UDP button. This example demonstrates how to open the "TCP" port "5190" for AOL Instant Messenger (this step isn't necessary for most AOL Instant Messenger communications).
- Click OK to save your changes.

- After saving changes, check the network device icon in the "Network Connections" window. The word "Firewalled" listed after the word "Enabled" indicates an active firewall.

- To enable firewall logging (for viewing denied incoming connections), go to the "Security Logging" heading and click the Settings tab.
- Select the Log dropped packets check box.
- If necessary, use the Browse... button to change the location of the log file from the default: C:\WINDOWS\pfirewall.log
- Click OK to save changes made in the "Advanced Settings" window. You will lose your changes if you close this window without clicking OK.

- After enabling your firewall, the network device icon lists the word "Firewalled" after the word "Enabled" to indicate an active firewall.
