If you notice repeated unsuccessful attempts to access your firewall and/or other high profile systems from one IP address (or group of IP addresses), then you might want to write a rule to drop all connections from that IP space (making sure that the IP address isn’t being spoofed).To help and identify malicious activity - With the Firewall logging feature you can check if any malicious activity is occurring within your network or not, although you must remember it does not provide the information needed to track down the source of the activity.To determine if Windows Firewall is the cause of application failures - With the Firewall logging feature you can check for disabled port openings, dynamic port openings, analyze dropped packets with push and urgent flags and analyze dropped packets on the send path.
To verify if newly added firewall rules work properly or to debug them if they do not work as expected.
0 kommentar(er)
