2 Aug 2011

Windows Firewall Logs

Troubleshooting network problems can be daunting at times, and a recommended good practice when troubleshooting Windows Firewall is to enable its native logs. If you need to verify whether a firewall rule is blocking or allowing traffic, enable logging, re-create the problem and then examine the log file. By default, Windows Firewall saves log entries in %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log. It stores the last 4 KB of data. To enable logging, follow these steps:

  1. Open Network and Sharing Center, click Windows Firewall and then click Advanced settings.
  2. In the Windows Firewall with Advanced Security snap-in, right-click Windows Firewall with Advanced Security and select Properties.
  3. In the Windows Firewall with Advanced Security on Local Computer Properties window, select the Domain Profile, Private Profile or Public Profile tab.
  4. In the Logging group, click the Customize… button.
  5. In the Customize Logging Settings for … window, select Yes from the Log dropped packets: and Log successful connections: drop-down lists.
  6. Click OK.

Remember, in a production environment this log will be almost constantly written to, which can cause a performance impact. So I recommend that you disable logging once you're pleased with the information collected and there's no need for further testing.
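To examine the log after re-creating the problem, the following added example (not part of the original post) parses the Pfirewall.log layout and counts ALLOW and DROP entries for one destination port. The field names come from the #Fields header that Windows Firewall writes at the top of the file; the log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the Pfirewall.log layout; the last line is cut off on purpose.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-08-02 10:15:01 DROP TCP 192.0.2.10 192.0.2.20 49152 445 52 S 1234567 0 8192 - - - RECEIVE
2011-08-02 10:15:04 DROP TCP 192.0.2.10 192.0.2.20 49152 445 52 S 1234567 0 8192 - - - RECEIVE
2011-08-02 10:15:09 ALLOW TCP 192.0.2.20 198.51.100.7 49201 443 0 - 0 0 0 - - - SEND
2011-08-02 10:15:12 DROP UDP 192.0.2.33 192.0.2.255 137 137 78 - - - - - - - RECEIVE
2011-08-02 10:15:13 DROP TCP 192.0.2.10 192.0
"""


def parse_firewall_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields header."""
    fields, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            raise ValueError("no #Fields header before first entry")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line, e.g. cut at the size limit
        entries.append(dict(zip(fields, values)))
    return entries


def verdicts_for(entries, dst_port, protocol="TCP"):
    """Count entries per (action, src-ip, dst-ip) for one destination port."""
    counts = Counter()
    for e in entries:
        if e["protocol"] == protocol and e["dst-port"] == str(dst_port):
            counts[(e["action"], e["src-ip"], e["dst-ip"])] += 1
    return counts


if __name__ == "__main__":
    entries = parse_firewall_log(SAMPLE_LOG)
    for (action, src, dst), n in sorted(verdicts_for(entries, 445).items()):
        print(f"{action:5} {src} -> {dst}:445  x{n}")
```

To run it against a real log, pass the contents of Pfirewall.log to parse_firewall_log in place of SAMPLE_LOG.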
