Win7 Firewall, Cisco VPN client, and firewall profiles
We are starting a Windows 7 pilot within my organization and the firewall is one of the new features we will be testing. Our general goal is to keep things pretty open in the domain profile and much more restrictive with the public and private profiles. My question is about applying the domain profile over a VPN connection. We use a 3rd party (Cisco) VPN client. When we connect a Windows 7 machine to an external connection, it's going to use the public or private profile. Once our client connects to the VPN connection, I'd like to apply the domain profile. Is this possible?
September 30th, 2009 3:48pm

Is anybody looking to use the firewall in an enterprise environment...using any 3rd party VPN client?
October 1st, 2009 4:34pm

Hi,

Regarding your question, I would like to say that we cannot apply the Domain profile to the network manually. The domain profile is applied only when the computer identifies the network as a Domain network. If the network has been recognized as a Domain network, the profile cannot be changed manually. For your external connection, if it is not recognized as a Domain network, you can manually select its profile in Network and Sharing Center.

In addition, for your better understanding of this, I would share the following with you:

Windows Firewall with Advanced Security Getting Started Guide
Exploring The Windows Firewall

Hope this helps. Thanks.

Nicholas Li - MSFT
October 6th, 2009 10:43am

We are having the exact same problem, with Windows 7 and the Cisco AnyConnect VPN client. The issue is the same as you are having, where when a user connects, Windows is treating the VPN connection as part of the network they are connected to first. So for instance, if the user connects to a public network somewhere, when they connect with VPN, it seems to be using the Public firewall profile. Essentially, even with VPN connected, Windows firewall is blocking everything as if it were a public connection.

Based on the reply and documentation and other threads that I've read, the solution I'm getting is that the user would have to select (when prompted) or manually select "Work" as the network type each and every time they connect to a new network. This will NOT work. We cannot rely on users to manually select settings. There needs to be something that is set one time, and applies so that the users don't need to be involved at all. So far though, I've seen nothing of this sort with Windows 7 firewall.

One workaround that I found is to completely disable the firewall on the VPN connection in the advanced settings in Windows firewall. I guess this is one way around it, but again you are relying on the user to change this setting, which is not a good way to handle things.
January 18th, 2011 9:12am

We are seeing the exact same thing as well. In our case we are using the Cisco VPN Client and when the VPN is connected on the Windows 7 system, it does not detect it as a Domain Profile. What are the determining factors that 7 uses in order to detect that it is a Domain profile? As quoted from the help file: "Applied to a network adapter when it is connected to a network on which it can detect a domain controller of the domain to which the computer is joined." Well, I don't see how it couldn't be detecting it when I am able to access all the network resources in question when I am attached to the VPN. Please advise...
January 20th, 2011 2:40pm

http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx

This is a good read for anyone inquiring about Network Profiles.
January 20th, 2011 5:08pm

I'm seeing this problem also. This is how we fixed it.

1. Connect the Cisco VPN. Otherwise it isn't listed.
2. Open Windows Firewall Advanced Security.
3. Click Windows Firewall Properties (middle, about halfway down).
4. Click the Private Profile tab.
5. Click Customize next to Protected network connections.
6. Uncheck the VPN network card only (this only shows up while the VPN is connected). You may want to check Network Connections to see how it's named. In our case it was "Local Area Connection 2".
7. Do the same for the Public Profile tab.

This removes the tunnel connection from the Firewall blocking and allows remote access through the tunnel.
February 8th, 2011 11:22am
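
A diagnostic for the behaviour discussed in this thread, added here as an example and not taken from any of the posts: run while the VPN is connected, it shows the category Network Location Awareness assigned to each connected network, which firewall profiles are active, and which interfaces have been excluded from each profile (the result of the steps above). It assumes PowerShell 2.0 or later and uses the Windows Network List Manager and HNetCfg.FwPolicy2 COM objects; the format of the excluded-interface identifiers is printed as returned and not assumed.

```powershell
# Added example: audit NLA categories and firewall profile state (read-only).

# Network List Manager: category NLA assigned to each connected network.
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }
$nlmType = [Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B')
$nlm = [Activator]::CreateInstance($nlmType)

$networks = foreach ($net in $nlm.GetNetworks(1)) {   # 1 = connected networks only
    New-Object PSObject -Property @{
        Network  = $net.GetName()
        Category = $categoryNames[[int]$net.GetCategory()]
    }
}
$networks | Select-Object Network, Category | Format-Table -AutoSize

# Firewall policy: profile type values are 1 = Domain, 2 = Private, 4 = Public.
$profileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$active = $fw.CurrentProfileTypes                     # bitmask of active profiles

$profiles = foreach ($type in 1, 2, 4) {
    # Interfaces unchecked under "Protected network connections" for this profile.
    $excluded = @($fw.ExcludedInterfaces($type) | Where-Object { $_ })
    New-Object PSObject -Property @{
        Profile            = $profileNames[$type]
        Active             = [bool]($active -band $type)
        FirewallEnabled    = $fw.FirewallEnabled($type)
        ExcludedInterfaces = ($excluded -join ', ')
    }
}
$profiles |
    Select-Object Profile, Active, FirewallEnabled, ExcludedInterfaces |
    Format-Table -AutoSize

# Flag machines where an adapter is exempt from the restrictive profiles.
$exempt = $profiles | Where-Object {
    $_.Profile -ne 'Domain' -and $_.ExcludedInterfaces
}
if ($exempt) {
    Write-Warning 'Interfaces are excluded from the Private or Public profile.'
}
```

A VPN network listed as Public or Private rather than DomainAuthenticated confirms the profile mismatch described in the posts; a non-empty ExcludedInterfaces column shows where the firewall is not filtering an adapter at all.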

This topic is archived. No further replies will be accepted.
