Tuesday, April 28, 2009

Firewall

A firewall is a security system that acts as a protective boundary between a network and the outside world. Internet Connection Firewall (ICF) is firewall software that restricts what information may pass between your home or small-office network and the Internet.

If your network uses Internet Connection Sharing (ICS) to provide Internet access to multiple computers, ICF should be enabled on the shared Internet connection. However, ICS and ICF can be enabled separately. You should enable ICF on the Internet connection of any computer that is connected directly to the Internet. To check whether ICF is enabled, or to enable the firewall, see Enable or disable Internet Connection Firewall.

ICF also protects a single computer connected to the Internet. If you have a single computer connected to the Internet with a cable modem, a DSL modem, or a dial-up modem, ICF protects your Internet connection. You should not enable ICF on VPN connections because it will interfere with the operation of file sharing and other VPN functions.

How Internet Connection Firewall (ICF) works?
ICF is considered a "stateful" firewall. A stateful firewall is one that monitors all aspects of the communications that cross its path and inspects the source and destination addresses of each message that it handles. To prevent unsolicited traffic from the public side of the connection from entering the private side, ICF keeps a table of all communications that have originated from the ICF computer. In the case of a single computer, ICF tracks traffic originating from that computer. When used in conjunction with ICS, ICF tracks all traffic originating from the ICF/ICS computer and all traffic originating from computers on the private network. All inbound traffic from the Internet is compared against the entries in the table. Inbound Internet traffic is only allowed to reach the computers in your network when there is a matching entry in the table showing that the communication exchange began from within your computer or private network.

Communications that originate from a source outside the ICF computer, such as the Internet, are dropped by the firewall unless an entry in the Services tab is made to allow passage. Rather than sending you notifications about this activity, which could arrive often enough to become a distraction, ICF silently discards unsolicited communications, stopping common hacking attempts such as port scanning. Instead, ICF can create a security log in which you can view the activity that the firewall tracks.

Services can be configured to allow unsolicited traffic from the Internet to be forwarded by the ICF computer to the private network. For example, if you are hosting an HTTP Web server and have enabled the HTTP service on your ICF computer, unsolicited HTTP traffic will be forwarded by the ICF computer to the Web server. A set of operational information, known as a service definition, is required by ICF to allow the unsolicited Internet traffic to be forwarded to the Web server on your private network.
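The connection-tracking table and the service definitions described above can be modelled in a few dozen lines. The following is an added example written for this post, not Windows code or ICF's real implementation: it keeps a table of flows that began on the private side (translating private hosts behind the ICS computer to a public port, as a sharing setup would), lets replies to those flows back in, forwards unsolicited traffic only when a service definition matches the destination port, and otherwise drops the packet silently while recording it in a log. All addresses, ports and host roles are constructed for the demonstration.

```python
"""Toy stateful firewall in the style of ICF (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFirewall:
    """Connection-tracking firewall sitting on a host with one public address."""

    def __init__(self, public_ip, first_public_port=49152):
        self.public_ip = public_ip
        self._next_port = first_public_port
        # Outbound 5-tuple -> public port chosen for it (so repeated packets reuse it)
        self.nat = {}
        # Reply key (proto, remote ip, remote port, public port) -> (inside ip, inside port)
        self.flows = {}
        # Service definitions: (proto, public port) -> (internal host, internal port)
        self.services = {}
        # Security log of silently discarded packets
        self.log = []

    def add_service(self, proto, public_port, internal_ip, internal_port):
        """Register a service definition that admits unsolicited traffic."""
        self.services[(proto, public_port)] = (internal_ip, internal_port)

    def outbound(self, pkt):
        """Packet leaving toward the Internet: record it so the reply can return.

        Returns the packet as it appears on the public side.
        """
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.src_ip == self.public_ip:
            public_port = pkt.src_port          # the ICF host's own traffic
        else:
            if key not in self.nat:             # a private host behind ICS
                self.nat[key] = self._next_port
                self._next_port += 1
            public_port = self.nat[key]
        self.flows[(pkt.proto, pkt.dst_ip, pkt.dst_port, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Packet arriving from the Internet.

        Returns the (ip, port) it is delivered to, or None if it was dropped.
        """
        # 1. Reply to a tracked flow: the reversed tuple must be in the table.
        reply = self.flows.get((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port))
        if reply is not None:
            return reply
        # 2. Unsolicited, but a service definition covers this port: forward it.
        svc = self.services.get((pkt.proto, pkt.dst_port))
        if svc is not None:
            return svc
        # 3. Anything else is discarded without a reply and written to the log.
        self.log.append(
            f"DROP {pkt.proto} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
        )
        return None


def run_demo():
    """Walk through the three cases the post describes; returns the outcomes."""
    fw = StatefulFirewall("203.0.113.10")             # assumed public address
    fw.add_service("tcp", 80, "192.168.0.5", 80)      # assumed internal Web server

    # A private host browses an HTTPS site; the reply must come back to it.
    fw.outbound(Packet("tcp", "192.168.0.20", 51000, "198.51.100.7", 443))
    reply = fw.inbound(Packet("tcp", "198.51.100.7", 443, "203.0.113.10", 49152))

    # An unsolicited probe of a port with no service definition is dropped.
    probe = fw.inbound(Packet("tcp", "198.51.100.9", 40000, "203.0.113.10", 3389))

    # Unsolicited HTTP is forwarded to the Web server by its service definition.
    web = fw.inbound(Packet("tcp", "198.51.100.9", 40001, "203.0.113.10", 80))

    return {"reply": reply, "probe": probe, "web": web, "log": list(fw.log)}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The reply lookup keys on the remote address and port as well as the public port, which is what makes the filter stateful rather than a plain port list: a packet to port 49152 from any other host does not match and is dropped. Real ICF also ages entries out of its table when a flow ends; this model keeps them indefinitely for brevity.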
