The Windows XP operating system comes with a built-in one-way firewall called ICF (short for Internet Connection Firewall).
In Windows XP and Windows XP Service Pack 1, ICF is turned off by default. However, in Service Pack 2, ICF is turned on by default.
To enable the Windows XP ICF, open the Network Connections part of the Control Panel (Start -> Settings -> Control Panel -> Network Connections).
You may see several network connections listed in the Network Connections area. In this user's case, the available options include a dialup connection, an Ethernet (LAN) connection, and another Ethernet (LAN) connection which is a virtual adapter for a campus VPN client.
In this case, the correct icon to choose is the non-VPN LAN connection, which is highlighted:

Right-click on the network connection and choose Properties.
In the new window which opens, select the Advanced tab:

To turn on ICF, place a check mark in the box. (If you later wish to turn off ICF, simply remove the check mark.)
If your computer hosts a web server, mail server, or other service that other machines must be permitted to reach, additional server-specific options are available under Settings. However, most users do not host their own web and mail servers, and will not need to perform this additional configuration.
The ICF firewall is very simple to use with the CITES VPN server. It does not need special configuration in order to permit connections to the CITES VPN. After installing the VPN client, simply make your connection as usual.
However, even with the VPN, your computer will not be able to run its own web server, FTP server, or other service replying to requests from outside. First, the ICF firewall is preconfigured to block requests initiated from outside (although responses to requests made by your computer are allowed). Second, the CITES VPN server does not allow you to create permanent connections with a fixed IP address; your VPN connection will eventually time out even if you leave your computer connected and running. The combination of these two factors means that the VPN does not provide a workaround for the fact that the ICF blocks unsolicited inbound communications.
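The one-way behavior described above, together with the server-specific exceptions available under Settings, can be pictured with a small model. This is an added example, not ICF's own code: the class, the method names and the 60-second idle timeout are assumptions made for illustration, and the traffic is constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class OneWayFirewall:
    """Simplified model of a one-way firewall: it filters inbound traffic only."""
    idle_timeout: float = 60.0  # assumed value for this model, in seconds
    # (protocol, local port) pairs opened for a hosted service under Settings
    allowed_services: set = field(default_factory=set)
    # (protocol, local port, remote IP, remote port) -> time last seen
    _flows: dict = field(default_factory=dict)

    def outbound(self, proto, local_port, remote_ip, remote_port, now):
        """Outbound traffic is never blocked; remember it so the reply can return."""
        self._flows[(proto, local_port, remote_ip, remote_port)] = now
        return "ALLOW"

    def inbound(self, proto, local_port, remote_ip, remote_port, now):
        """Allow inbound only as a reply to a live flow or to an opened service."""
        key = (proto, local_port, remote_ip, remote_port)
        last_seen = self._flows.get(key)
        if last_seen is not None:
            if now - last_seen <= self.idle_timeout:
                self._flows[key] = now
                return "ALLOW (reply)"
            del self._flows[key]  # the remembered request has expired
        if (proto, local_port) in self.allowed_services:
            return "ALLOW (service)"
        return "DROP"


def demo():
    """Run constructed traffic (documentation-range addresses) through the model."""
    fw = OneWayFirewall()
    results = []
    fw.outbound("tcp", 1060, "192.0.2.10", 80, now=0)                  # browser request
    results.append(fw.inbound("tcp", 1060, "192.0.2.10", 80, now=1))   # its response
    results.append(fw.inbound("tcp", 80, "198.51.100.7", 40000, now=2))    # unsolicited
    results.append(fw.inbound("tcp", 1060, "192.0.2.10", 80, now=500))     # stale flow
    fw.allowed_services.add(("tcp", 80))            # web server enabled under Settings
    results.append(fw.inbound("tcp", 80, "198.51.100.7", 40000, now=501))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```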