Create an application rule

Note: If you use role-based administration:
  • You must have the Policy setting - firewall right to configure a firewall policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

To create a custom rule that gives you fine control over the access an application is allowed:
  1. Double-click the firewall policy you want to change.
  2. On the Welcome page of the Firewall Policy wizard, click Advanced firewall policy.
  3. Under Configurations, click Configure next to the location for which you want to configure the firewall.
  4. Click the Applications tab.
  5. Select the application in the list, and then click Custom.
  6. In the Application Rules dialog box, click Add.
  7. Under Rule name, type a name for the rule.
    The rule name must be unique within the list of rules. Two application rules cannot have the same name, but two applications can each have a rule with the same name.
  8. Under Select the events the rule will handle, select the conditions that the connection must match for the rule to apply.
  9. Under Select the actions with which the rule will respond, select either Allow it or Block it.
  10. Do one of the following:
    • To allow other connections to and from the same remote address while the initial connection exists, select Concurrent connections.
      Note: This option is only available for TCP rules, which are stateful by default.
    • To intelligently allow replies from the remote computer based on the initial connection, select Stateful inspection.
      Note: This option is only available for UDP and IP rules.
    Note: On Windows 8 and later, these options do not apply, as Stateful inspection is always used and Concurrent connections are not supported.

  11. Under Rule description, click an underlined value. For example, if you click the Stateful TCP link, the Select Protocol dialog box opens.