Windows Firewall with Advanced Security is a host-based firewall that filters both incoming and outgoing traffic. Windows Firewall with Advanced Security uses the Network Location-Aware (NLA) feature to let Windows Vista administrators define a level of protection based on the network to which the user connects. As mobile users roam from their corporate network to a Private network, or to a Public network such as an Internet cafe, Windows Firewall with Advanced Security can enable and disable connectivity or features such as:
• File and Print Sharing
• eHome Media Center Extender
• Windows Connect Now Devices
• PnP-X (plug and play for networked devices)
• Network Explorer
• Peer To Peer Discovery
To achieve this, Windows Firewall with Advanced Security uses three separate profiles for filtering traffic. The computer automatically detects the network connection and uses the appropriate profile. Windows Firewall with Advanced Security supports the following profiles:
• Domain. The domain profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected to an Active Directory domain in which the computer is a member. For example, you might configure rules for the domain profile for the programs needed by a managed computer in an enterprise network. The NLA Service controls when settings for a profile apply.
• Private. The private profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected to a private network. For example, a mobile user might take their computer home and connect it behind a private gateway device (such as a router) on their home network. When Windows detects the network, a dialog box will appear.
• Public. The public profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected directly to the Internet. For example, a laptop computer might be taken on the road and connect to the Internet using a public broadband or wireless Internet Service Provider (ISP) or hotspot. Because the laptop connects directly to the Internet, this profile should contain more restrictive settings than the domain or private profile. Again, an end-user with administrator privileges selects whether a connection is Private or Public. If a user does not have administrator privileges and connects to any new network, Windows Vista uses the Public profile, which contains the most restrictive settings.
Windows Vista applies firewall rules based on the most restrictive active connection. For example, if a computer is a member of a domain but is also connected to a network that the user has specified as Private, the rules for the Private profile apply.
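The following script is an added example, not part of the original post, showing how the per-profile behaviour described above is expressed with netsh advfirewall, the command-line front end to Windows Firewall with Advanced Security on Windows Vista and later. The rule name and the management port (TCP 5985) are assumptions for illustration; run it from an elevated command prompt.

```batch
@echo off
rem Added example (not from the original post): per-profile settings with
rem netsh advfirewall. Run from an elevated command prompt.

rem Firewall on for every profile; inbound blocked by default, outbound allowed.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem Log dropped connections on the Public profile so that exposure at a
rem hotspot or Internet cafe is visible afterwards.
netsh advfirewall set publicprofile logging droppedconnections enable
netsh advfirewall set publicprofile logging filename "%SystemRoot%\system32\LogFiles\Firewall\pfirewall.log"

rem Allow the built-in File and Printer Sharing rule group only on the
rem Domain and Private profiles; keep it disabled on Public.
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes profile=domain,private
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no profile=public

rem An assumed management port that should be reachable only while the
rem computer is on the corporate network (Domain profile).
netsh advfirewall firewall add rule name="Example - WinRM (domain only)" dir=in action=allow protocol=TCP localport=5985 profile=domain

rem Show which profile NLA has made active on this computer and the
rem settings that result; on Vista this is the most restrictive active one.
netsh advfirewall show currentprofile
```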
One of my friends had a problem with VPN performance on his server, so I referred him to this article about optimizing the Remote Access connection:
Here is part of it:
Typical Bottlenecks in PPTP Configurations
PPTP connections suffer from two primary types of bottleneck: insufficient Internet bandwidth and CPU load on the PPTP server. The bandwidth problem is easy to conceptualize, since your Internet connection has to be shared between PPTP traffic and everything else that’s normally carried over it. You can easily calculate the theoretical maximum number of concurrent PPTP users by dividing your available Internet bandwidth by the average connection speed of your PPTP users. For example, an ISDN BRI line (about 1.5Mbps) could potentially support about 23 64Kbps ISDN users running at full tilt. If you’re willing to assume that each PPTP user will only use half as much bandwidth, then in theory, you can support twice as many users.
The additional CPU load added by PPTP is easy to quantify, but hard to predict. If you have a good performance baseline for your servers, you’ll already know what your standard server CPU load is, so checking the Processor object’s % Processor Time counter will tell you fairly quickly how things stand. You can also watch the Processor object’s % Processor Time counter on the RASMAN instance to see how much CPU time RAS itself is using. Overall, though, you’ll probably find that the additional overhead is negligible until you get more than 15 to 20 PPTP users on a single server. Since NT will allow you to add as many PPTP ports to your server as you want, be forewarned that allowing hundreds of concurrent ports may impose a speed penalty.
To reset TCP/IP to the default state it had when the OS was installed, you can use the NetShell (netsh.exe) utility.
When you reset TCP/IP, it will rewrite all the important keys in the registry, which has the effect of removing and reinstalling the entire TCP/IP stack.
The NetShell utility is a command line tool (netsh.exe) that allows you to monitor and configure networking components on Windows XP/2003. To run this tool, go to the command prompt and type netsh. To display a list of commands that are available, type help, or simply type a question mark “?”.
The following commands are available:
Commands in this context:
.. – Goes up one context level.
? – Displays a list of commands.
abort – Discards changes made while in offline mode.
add – Adds a configuration entry to a list of entries.
alias – Adds an alias.
bridge – Changes to the `netsh bridge’ context.
bye – Exits the program.
commit – Commits changes made while in offline mode.
delete – Deletes a configuration entry from a list of entries.
diag – Changes to the `netsh diag’ context.
dump – Displays a configuration script.
exec – Runs a script file.
exit – Exits the program.
firewall – Changes to the `netsh firewall’ context.
help – Displays a list of commands.
interface – Changes to the `netsh interface’ context.
offline – Sets the current mode to offline.
online – Sets the current mode to online.
popd – Pops a context from the stack.
pushd – Pushes current context on stack.
quit – Exits the program.
ras – Changes to the `netsh ras’ context.
routing – Changes to the `netsh routing’ context.
set – Updates configuration settings.
show – Displays information.
unalias – Deletes an alias.
winsock – Changes to the `netsh winsock’ context.
The following sub-contexts are available:
bridge diag firewall interface ras routing winsock
To view help for a command, type the command, followed by a space, and then type ?.
Tip: You can use abbreviations, or just the beginning part of a command, instead of typing the entire command. For example, you can type int for interface, h for help, and either q or b to exit the program. If you want to go one level up in the path, type “..” without the quotes. You can also type the entire command without going into the individual contexts of netsh.
To reset TCP/IP, type the following at the command prompt:
netsh interface ip reset logfile_name
where logfile_name is the name of a log file in the current directory, e.g. resetlog.txt. You can also create a log file in a different folder if you provide the full path.
When you reset TCP/IP, the two areas of the registry that are affected include:
You can check the log file to see which settings have been changed since the default installation.
If you find the log is empty, it could be because the TCP/IP entries on your computer have not been changed since the default installation.
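The following batch script is an added example, not part of the original post, that runs the reset described above with a full log path and then applies the empty-log check from the last two paragraphs. The log file name resetlog.txt is an assumption; run the script from an elevated command prompt and reboot afterwards for the rebuilt TCP/IP stack to take effect.

```batch
@echo off
rem Added example (not from the original post): reset TCP/IP with NetShell,
rem write the change log next to this script, and inspect it afterwards.
rem Log file name is an assumption for illustration; needs an elevated prompt.
setlocal

rem %~dp0 is the folder this script lives in, so the log goes there instead
rem of the current directory.
set "LOGFILE=%~dp0resetlog.txt"

netsh interface ip reset "%LOGFILE%"
if errorlevel 1 (
    echo netsh reported an error. Are you running from an elevated prompt?
    exit /b 1
)

rem An empty log means no TCP/IP registry values differed from the default
rem installation, so nothing had to be rewritten.
for %%F in ("%LOGFILE%") do set "LOGSIZE=%%~zF"
if "%LOGSIZE%"=="0" (
    echo No TCP/IP settings had been changed since installation.
) else (
    echo The following registry values were restored to their defaults:
    type "%LOGFILE%"
)

echo Reboot the computer to complete the reset.
endlocal
```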