Two connections at the same time - Firewall settings to block traffic in one of them?
Greetings, this is the scenario: due to company policies and restrictions some ports are blocked and I can't ask them to be opened. I managed to have a 3G connection which I plan to use for specific traffic, but I don't want this connection to manage other traffic.
Will the Windows Firewall allow me to state different policies for both connections, and will it route the internet traffic to each one?
Hope this makes sense. Thanks in advance.
W7 RC x64 running....
June 10th, 2009 7:14pm

Hi, Thank you for your post. Regarding your question, I would like to share the following with you:
Windows Vista defines three network profiles: domain, private, and public. Profile is the location type in the Windows Vista firewall. Each network is assigned a location that identifies its type. Windows Firewall with Advanced Security can enforce different policies (rules) based on the locations of the networks to which the computer is currently connected. The following are the three categories of networks in Windows Vista:
- Domain (Restrictive): The Windows operating system automatically identifies networks on which the computer can authenticate access to a domain controller for the domain to which the computer is joined. No other networks can be placed in this location.
- Public (Most restrictive): With the exception of domain networks, all networks are initially categorized as public. Networks that represent direct connections to the Internet or are in public places, such as airports and coffee shops, should be left public.
- Private (More restrictive): A network will be categorized as private only if a user or application designated it as private. Only networks located behind a private gateway device should be designated as private networks. Users will likely want to designate home or small business networks as private.
Only one profile can be active at a time on Windows Vista. If there are two network interfaces live in the system and one of them is on the domain while the other is on a public network, the public firewall profile will be applied to both. Profile order is applied as follows:
1. If all interfaces are authenticated to the domain controller for the domain of which the computer is a member, the domain profile is applied.
2. If all interfaces are either authenticated to the domain controller or are connected to networks that are classified as private network locations, the private profile is applied.
3. Otherwise, the public profile is applied.
In this issue, because Windows Vista is directly connected to the Domain Controller, a domain profile is applied; you may also assign another type to your 3G connection (for example, you can configure it as Private) and set up some rules according to your specific needs in Windows Firewall with Advanced Security for this type of profile. To configure the rules, please refer to the following document:
Windows Firewall with Advanced Security Getting Started Guide
http://technet.microsoft.com/en-us/library/cc748991(WS.10).aspx
Meanwhile, I would like to share the following with you as well:
Network Location-Aware Host Firewall
http://technet2.microsoft.com/windowsserver2008/en/library/e26edbae-8458-4a22-9835-6ec3f1c8f57a1033.mspx
Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/magazine/2008.06.security.aspx
Hope it helps. Thanks.
Nicholas Li - MSFT
June 11th, 2009 1:34pm

Hi, I just want to see how everything is going. If you have any questions or concerns on the recent information I've provided you, please feel free to let me know. Thanks. Nicholas Li - MSFT
June 16th, 2009 1:57pm

Greetings Nicholas and thanks for your reply. I did a main computer change and didn't see your first reply. Reading those links you posted now. Thanks a lot. I'll let you know the results as soon as possible. Thanks again.
W7 RC x64 running....
June 16th, 2009 4:12pm

Greetings Nicholas, I'm unable to filter the traffic using the Windows Firewall. Even though I managed to set both connections in different profiles, if I set rules to block specific programs for an interface, it doesn't work. This is what I did:
3G Connection = Private Profile
LAN Network = Public Profile (most restrictive)
I added a rule to block in/out Internet Explorer in the 3G interface and for the private profile. But my network traffic software displays activity in my 3G connection instead of blocking. Am I missing something?
Thanks
W7 RC x64 running....
June 17th, 2009 4:23pm

Hi, Thank you for your update. Let's check the rule which was created to block in/out Internet Explorer in the 3G interface and for the private profile by disabling the LAN connection. Will the 3G connection work after the LAN connection is disconnected?
At this time, I also want to know if both the 3G connection and the LAN connection can access the Internet. If so, using the 3G connection for some specific traffic may not work when both the connections are active, as it also depends on source IP address selection and the routing table. I would also like to share the following with you:
Source IP address selection on a Multi-Homed Windows Computer
http://blogs.technet.com/networking/archive/2009/04/24/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx
The IP routing table
http://technet.microsoft.com/en-us/library/cc779122.aspx
Thanks.
Nicholas Li - MSFT
June 18th, 2009 1:58pm

Hello, How are you doing? I would appreciate it if you could drop me a note to let me know the status of the issue. If you would like further assistance, please do not hesitate to let me know. It is my pleasure to help. :) Have a nice day! Nicholas Li - MSFT
June 22nd, 2009 1:12pm

Greetings Nicholas and thanks again for your interest. I'm out of the office for a week and I am using only the 3G connection at the moment. Once back early next week, I'll let ya know the results. Thanks again for everything. I really appreciate your efforts.
Regards, Jaime.
W7 RC x64 running....
June 22nd, 2009 3:47pm

Hi Jaime, Thank you for updating. I know you are out of office currently and maybe have no chance to try my suggestions. Please be assured that I am standing by for your response. If there are any updates on our issue, please do not hesitate to let me know and I will follow up with you as soon as possible. Thanks again for staying in touch.
Nicholas Li - MSFT
June 29th, 2009 7:31am

Greetings again Nicholas, thank you so much for your interest in the issue. I'll be back tomorrow in the office and I'll start to test your recommendations.
Just one quick question: do both interfaces - the LAN and the 3G - have to be under the same profile to make the blocking rule work? After some reading and your helpful posts, it's my understanding that only one profile is active at one time and therefore both connections need the same profile.
Thanks again in advance and sorry about my English.
Best regards, Jaime
W7 RC x64 running....
June 29th, 2009 1:18pm

I just want to say hi and to see how things are going there. When you get a chance, please send me a quick note to let me know the current status of this issue. If the problem has been resolved or if you need additional information, please let us know. Thanks, and have a great day!
Nicholas Li - MSFT
July 6th, 2009 10:00am

Greetings again Nicholas, it looks like we are doing something wrong because it doesn't work if both interfaces are connected at the same time. This is my current configuration:
- LAN network interface: no special rules, Private Profile.
- 3G Conn interface: blocked incoming/outgoing traffic for Internet Explorer, Private Profile.
If I do have both interfaces running, I can use IE and surf the web, but I still see that the 3G connection gets traffic. If I disconnect the LAN interface leaving the 3G connection connected, the firewall works and IE can't manage any traffic. I even get a warning in IE when doing the diagnostic, saying that the rule is blocking the traffic.
But I'd like to have both interfaces connected at the same time, and avoid any traffic through the 3G one when using IE.
Thanks in advance, again.
Regards, Jaime
W7 RC x64 running....
July 6th, 2009 2:47pm

Hi Jaime, Thank you for your update. For Windows Firewall, please note only one Windows Firewall profile is active at a time, even when your computer is connected to multiple networks. More related information for your reference:
Spotlight on Windows Firewall: Multiple Active Firewall Profiles in Windows (Please note the third paragraph.)
http://blogs.technet.com/wsnetdoc/archive/2009/04/13/spotlight-on-windows-firewall-multiple-active-firewall-profiles-in-windows.aspx
If there are two connections (interfaces) on the computer, firstly, Windows will determine which one will be used to establish the communication according to the routing table. Then, a proper firewall profile will be applied to the connection which is used and the Windows Firewall rules will be applied to this connection as well. At this time, I would still suggest that you refer to the following documents:
The IP routing table
http://technet.microsoft.com/en-us/library/cc779122.aspx
Source IP address selection on a Multi-Homed Windows Computer
http://blogs.technet.com/networking/archive/2009/04/24/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx
Default Gateway Configuration for Multihomed Computers
http://support.microsoft.com/kb/157025
Alternatively, as a workaround, to use the specific connection for a specific rule, please just try disabling the other connection at that moment.
Thanks.
Nicholas Li - MSFT
July 7th, 2009 10:34am
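
The route-then-profile order described in the reply above, together with the Windows Vista profile order quoted earlier in the thread, as a small Python model. This is an added example, not part of the original thread; the routing table, interface names and metrics are constructed, and "metric" stands for the effective metric Windows compares.

```python
import ipaddress

def active_profile(locations):
    """Single firewall profile for all connected interfaces (Vista order from the thread)."""
    locs = set(locations)
    if not locs:
        raise ValueError("no connected interfaces")
    if locs == {"domain"}:
        return "domain"
    if locs <= {"domain", "private"}:
        return "private"
    return "public"

def select_route(dest, routes):
    """Route used for dest: longest matching prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r["prefix"])
        if addr not in net:
            continue
        key = (-net.prefixlen, r["metric"])
        if best is None or key < best[0]:
            best = (key, r)
    return best[1] if best else None

def outbound_interface(dest, routes, up=("LAN", "3G")):
    """Interface that carries traffic to dest, given which interfaces are up."""
    route = select_route(dest, [r for r in routes if r["iface"] in up])
    return route["iface"] if route else None

# Constructed routing table for a host with a LAN and a 3G connection.
ROUTES = [
    {"prefix": "0.0.0.0/0",      "iface": "LAN", "metric": 10},
    {"prefix": "0.0.0.0/0",      "iface": "3G",  "metric": 30},
    {"prefix": "192.168.1.0/24", "iface": "LAN", "metric": 10},
    {"prefix": "203.0.113.0/24", "iface": "3G",  "metric": 30},  # specific route via 3G
]

if __name__ == "__main__":
    print("profile, both up:", active_profile(["private", "public"]))
    for dest in ("198.51.100.7", "203.0.113.9", "192.168.1.20"):
        print(dest, "->", outbound_interface(dest, ROUTES))
    print("LAN down:", outbound_interface("198.51.100.7", ROUTES, up=("3G",)))
```

In this model the interface is chosen by the routing table alone: general traffic follows the lower-metric LAN default route while both links are up, and moves to 3G only when LAN is down or a more specific route points at 3G.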

Hi Jaime, I would like to know how things are going on your end. Should you have any questions or concerns with the suggestions I provided, please don't hesitate to let me know. I look forward to hearing from you. Thanks! :-) Nicholas Li - MSFT
July 13th, 2009 2:47pm

Greetings Nicholas, I'm unable to get the rule working. Even though I have both interfaces under the same profile and I have rules set to block traffic incoming/outgoing from IE to the 3G interface, I'm still seeing how the 3G connection is getting data.
Regards
W7 RC x64 running....
July 13th, 2009 5:09pm

Hi, Thank you for your response. If both the connections are active, the computer will determine which connection will be used and then the Windows Firewall profile and rules for the connection will work. From another perspective, Windows Firewall is not for determining which connection (interface) will be used.
Windows Firewall
http://www.microsoft.com/windows/windows-vista/features/firewall.aspx
You can try the following to have a check:
1. Disable the LAN connection and just leave the 3G connection active.
2. Apply the firewall profile and configure the rules for this 3G connection.
3. Check if the rules work.
4. Disable the 3G connection and leave the LAN connection active, and perform the steps 2-3.
Please also let us know the results. Thanks.
Nicholas Li - MSFT
July 15th, 2009 11:43am

Hi, I just want to say hi and to see how things are going there. If you have any concerns, please do not hesitate to let me know. Thanks, and have a great day!
Nicholas Li - MSFT
July 23rd, 2009 2:21pm

Hello Nicholas again, I think I must be doing something wrong because I'm not able to block any Internet Explorer connection through the 3G device. These are the settings I'm using, just let me know if it should work:
1. both interfaces - LAN and 3G device - in the private profile.
2. specific rule to block IE traffic for the 3G interface.
Thanks
W7 RC x64 running....
July 26th, 2009 12:06pm

Hi, Regarding "specific rule to block IE traffic for the 3g interface", I suspect we cannot add this kind of rule which is just for a specific interface in Windows Firewall with Advanced Security. For more information about the Firewall Rule Wizard and how to add a Firewall Rule, please also refer to the following:
Firewall Rule Wizard
http://technet.microsoft.com/en-us/library/dd448516(WS.10).aspx
Add or Edit Firewall Rule
http://technet.microsoft.com/en-us/library/cc753558.aspx
Thanks.
Nicholas Li - MSFT
July 28th, 2009 10:11am

Hi, I am currently standing by for an update from you and would like to know how things are going on your end. If there is anything I can do to help on this issue, please feel free to let me know. I am happy to be of assistance. :) Thanks!
Nicholas Li - MSFT
July 31st, 2009 2:38pm

Greetings Nicholas, reading the last links you posted. I'll let you know the results as soon as possible.
Best Regards, Jaime
W7 RC x64 running....
July 31st, 2009 3:31pm

This topic is archived. No further replies will be accepted.