Configure the Windows Firewall Log

By default logging is disabled for all network profiles in Windows Firewall. So if you want to log dropped packets, or successful connections, you will have to enable logging of these occurrences. You can choose to enable logging locally on a single computer, or you can enable it for several computers, by defining it in a GPO.

Enabling logging can be useful in situations where you are trying to find out why certain type of network communication isn’t working as expected on a server. Personally I always enable logging of dropped packets on all of my servers, and set the maximum log file size to 4MB.

The following procedures apply to Server 2008 R2 and Server 2012.

1. Configuring the Windows Firewall Log on a single computer

1.1 Click Start – Administrative Tools – Windows Firewall with Advanced Security
1.2 Right-click Windows Firewall with Advanced Security on Local Computer → Properties
fwlog1

1.3 On the network profile you want to enable logging, choose Customize in the Logging field.
fwlog2

1.4 Define your options. As you can see default log file path is %systemroot%\system32\LogFiles\Firewall\pfirewall.log
fwlog3

2. Configuring the Windows Firewall Log in a GPO

2.1 In a GPO, browse to the following location

Computer Configuration → Policies → Windows Settings →Security Settings → Windows Firewall with Advanced Security

2.2 Right-click Windows Firewall With Advanced Security – LDAP://…… – Properties
fwlog4

2.3 On the network profile you want to enable logging, choose Customize in the Logging filed.
fwlog5

2.4 Define your options.
fwlog6

As I wrote earlier, by default, you will find the log file at the following location, %systemroot%\system32\LogFiles\Firewall\pfirewall.log
You can open the file and view which packets have been dropped and which have been allowed.
partitioned2

This entry was posted in Microsoft, Windows Server, Windows Server 2008R2, Windows Server 2012 and tagged , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback.

Leave a Reply

Your email address will not be published. Required fields are marked *

Your email address will never be published.

Captcha * Time limit is exhausted. Please reload the CAPTCHA.