Enforced Client Product Guide Using the Firewall Protection Service
Configuring policies for firewall protection
Configure IP addresses for a custom connection
Configure system services for a custom connection
Certain applications, including web servers and file-sharing server programs, must accept
unsolicited connections from other computers through designated system service ports. When
configuring a custom operating mode, you can:
Allow applications to act as servers on the local network or the Internet.
Add or edit a port for a system service.
Disable or remove a port for a system service.
Examples of system services that typically require ports to be opened are:
Email server — You do not need to open a mail server port to receive email. You need to
open a port only if the computer running the firewall protection service acts as an email
server.
Web server — You do not need to open a web server port to run a web browser. You need
to open a port only if the computer running the firewall protection service acts as a web
server.
Note
This section explains the following concepts and tasks relevant to configuring service ports:
Standard system service ports
Open a service port
Add and edit service ports
Close a service port
Standard system service ports
System services communicate through ports, which are logical network connections. Common
Windows system services are typically associated with particular service ports, and your
computer’s operating system or other system applications might attempt to open them. Because
these ports represent a potential source of intrusions into a client computer, you must open them
before the computer can communicate through them.
These commonly used standard service ports are listed by default on the Firewall Custom Settings
page, where you can open or close them:
File and Print Sharing
Remote Desktop
Note
Custom settings configured on the SecurityCenter are ignored on client computers if the
Firewall Protection Mode is set to Prompt mode. In Prompt mode, settings configured by
users override administrator settings.
Caution
Select a port for system services only if you are certain it must be open. You will rarely need
to open a port. We recommend that you disable unused system services.
An opened service port that does not have an application running on it poses no security threat.
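The following is an added example, not part of the product guide or the product's own tooling. It shows one way to check, before opening a standard service port in a custom policy, whether anything on the client is actually listening on it. The port numbers are the well-known Windows defaults (an assumption, since the guide does not list them here), and the `netstat -an` output is a constructed sample.

```python
import re

# Well-known Windows default TCP ports for the two services the page lists
# (assumption: the product's own port mapping is not shown on the page).
STANDARD_SERVICES = {"File and Print Sharing": {139, 445}, "Remote Desktop": {3389}}

# Constructed sample of `netstat -an` output from a Windows client.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
"""

_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")
_LOOPBACK = ("127.", "[::1]")  # loopback-only listeners are not reachable remotely


def listening_ports(netstat_text):
    """Map each listening TCP port to the set of local addresses bound to it."""
    ports = {}
    for line in netstat_text.splitlines():
        match = _ROW.match(line)
        if match:
            ports.setdefault(int(match.group(2)), set()).add(match.group(1))
    return ports


def audit(opened_services, netstat_text):
    """Report, per service opened in the policy, which of its ports have a listener."""
    listeners = listening_ports(netstat_text)
    report = {}
    for name in opened_services:
        reachable = sorted(
            port for port in STANDARD_SERVICES[name]
            if any(not addr.startswith(_LOOPBACK) for addr in listeners.get(port, ()))
        )
        # No listener on any of the service's ports: the open rule is not
        # needed right now, so review whether the port should stay open.
        report[name] = {"reachable_ports": reachable, "close_candidate": not reachable}
    return report


if __name__ == "__main__":
    for service, result in audit(list(STANDARD_SERVICES), SAMPLE_NETSTAT).items():
        print(service, result)
```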