  • Understanding Windows Firewall in Depth, Part 1: Windows Firewall Service Dependencies

    See also: How Windows Firewall Works

    Windows Firewall Service Dependencies

    Windows Firewall runs in the Windows Firewall/Internet Connection Sharing service and is dependent on several subsidiary services. If any of the subsidiary services are not running or cannot be started, Windows Firewall might not start or run properly. Windows Firewall depends on the following services.

    Application Layer Gateway Service

    The Application Layer Gateway Service (sometimes known as the ALG service) is required if you enable Windows Firewall on a computer that is an FTP client or FTP server that does not use PASV FTP. The Application Layer Gateway Service listens for outgoing FTP traffic from an FTP client. It then extracts the port from which the FTP client is expecting to receive data and creates an appropriate dynamic port mapping for the FTP data channel.

    The Application Layer Gateway Service and Windows Firewall interact as follows:

    • If the Application Layer Gateway Service is disabled and you try to enable Windows Firewall, Windows Firewall will start, but FTP traffic that does not use PASV FTP might fail.

    • If you stop the Application Layer Gateway Service while Windows Firewall is running, Windows Firewall will continue to run, but FTP traffic that does not use PASV FTP might fail.

    • If the Application Layer Gateway Service is stopped and its startup type is set to Manual, then the Application Layer Gateway Service will attempt to start when you enable Windows Firewall.

    DCOM Server Process Launcher

    The DCOM Server Process Launcher service (sometimes known as the Dcomlaunch service) is new in Windows Server 2003 with Service Pack 1 (SP1); it is responsible for starting all DCOM-related services. Because Windows Firewall relies on DCOM, the DCOM Server Process Launcher service must be running when you start Windows Firewall.

    The DCOM Server Process Launcher service and Windows Firewall interact as follows:

    • If the DCOM Server Process Launcher is disabled and you try to enable Windows Firewall, Windows Firewall will not start because the Windows Firewall/Internet Connection Sharing service cannot start.

    • You cannot stop the DCOM Server Process Launcher service, so it is not possible to configure the DCOM Server Process Launcher service if it is started and Windows Firewall is enabled.

    • If the startup type for the DCOM Server Process Launcher service is set to Manual, and the DCOM Server Process Launcher is not started, you will not be able to enable Windows Firewall. If you attempt to enable Windows Firewall, a Windows Firewall dialog box will be displayed to indicate that another process that requires the network address translation driver (Ipnat.sys) is running.

    Network Connections

    The Network Connections service (sometimes known as the Netman service) manages all network connections that are created and configured in Network Connections in Control Panel. This service is also responsible for displaying network status in the notification area on the desktop (the area on the taskbar to the right of the taskbar buttons). Windows Firewall uses this service to identify and manage network connections.

    The Network Connections service and Windows Firewall interact as follows:

    • You cannot enable Windows Firewall if the Network Connections service is disabled.

    • If you stop the Network Connections service while Windows Firewall is enabled, Windows Firewall will stop running and become disabled.

    • If the Network Connections service is stopped and its startup type is set to Manual, the Network Connections service will attempt to start when you enable Windows Firewall. If the Network Connections service cannot start, Windows Firewall cannot be enabled.

    Network Location Awareness

    The Network Location Awareness service (sometimes known as the Nla service) collects and stores network configuration information, such as changes to the names and locations of IP addresses and domain names. The Network Location Awareness service component supports the Network Location Service, which provides the infrastructure that informs programs and the operating system of the network connections on a computer. Windows Firewall uses the Network Location Awareness service to determine which Windows Firewall profile to use.

    The Network Location Awareness service and Windows Firewall interact as follows:

    • If the Network Location Awareness service is disabled and you try to enable Windows Firewall, Windows Firewall will start but cannot determine which profile to use. In this case, Windows Firewall uses the settings for the standard profile.

    • If you stop the Network Location Awareness service while Windows Firewall is running, Windows Firewall continues to run and use the settings for the profile that it is currently using.

    • If the Network Location Awareness service is stopped and its startup type is set to Manual, then the service will attempt to start when you enable Windows Firewall.

    Remote Procedure Call

    The Remote Procedure Call service (sometimes known as the RpcSs service) is a secure interprocess communication (IPC) mechanism that enables data exchange and invocation of functionality that resides in a different process. That different process can be on the same computer, on the local area network (LAN), or across the Internet. The Remote Procedure Call service serves as the RPC Endpoint Mapper (EPM) and Service Control Manager (SCM).

    The Remote Procedure Call service and Windows Firewall interact as follows:

    • You cannot enable Windows Firewall if the Remote Procedure Call service is disabled.

    • If you stop the Remote Procedure Call service while Windows Firewall is enabled, Windows Firewall will stop running and become disabled.

    • If the Remote Procedure Call service is stopped and its startup type is set to Manual, then the service will attempt to start when you enable Windows Firewall. If the Remote Procedure Call service cannot start, Windows Firewall cannot be enabled.

    Windows Management Instrumentation

    Windows Management Instrumentation (WMI) is an infrastructure for building management programs and instrumentation released as part of the current generation of Microsoft operating systems. The Windows Management Instrumentation service (sometimes known as the Winmgmt service) provides a common interface and object model to access management information about the operating system, devices, programs, and system services. Windows Firewall uses the Windows Management Instrumentation service to store per-connection settings and legacy (ICF) settings.

    The Windows Management Instrumentation service and Windows Firewall interact as follows:

    • You cannot enable Windows Firewall if the Windows Management Instrumentation service is disabled.

    • If you stop the service while Windows Firewall is enabled, Windows Firewall will stop running and become disabled.

    • If the service is stopped and its startup type is set to Manual, then the service will attempt to start when you enable Windows Firewall. If the Windows Management Instrumentation service cannot start, Windows Firewall cannot be enabled.
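
The interaction rules above can be checked on a host before the firewall is enabled. The following PowerShell script is an added example, not part of the original article: it assumes the service short names the page gives (Windows Server 2003 SP1 era), and the function name and the `Hard`/`OnDemand` fields are hypothetical labels for the page's rules.

```powershell
# Added example (not from the original page): audit the six services the page
# lists as Windows Firewall dependencies and report the impact the page describes.
# Hard     = the page says the firewall cannot be enabled/started without it.
# OnDemand = the page says a Manual, stopped service is started when the firewall is enabled.
$deps = @(
    @{ Name='ALG';        Hard=$false; OnDemand=$true;  Impact='non-PASV FTP might fail' },
    @{ Name='DcomLaunch'; Hard=$true;  OnDemand=$false; Impact='firewall service cannot start' },
    @{ Name='Netman';     Hard=$true;  OnDemand=$true;  Impact='firewall cannot be enabled' },
    @{ Name='Nla';        Hard=$false; OnDemand=$true;  Impact='no profile detection (standard or current profile stays in use)' },
    @{ Name='RpcSs';      Hard=$true;  OnDemand=$true;  Impact='firewall cannot be enabled' },
    @{ Name='Winmgmt';    Hard=$true;  OnDemand=$true;  Impact='firewall cannot be enabled' }
)
# Meaning of the "Start" value under each service's registry key
$startNames = @{ 0='Boot'; 1='System'; 2='Automatic'; 3='Manual'; 4='Disabled' }

function Get-FirewallDependencyVerdict($dep, $startup, $status) {
    if ($status -eq 'Running') { return 'OK' }
    if ($startup -eq 'Disabled') {
        if ($dep.Hard) { return "BLOCKING: $($dep.Impact)" }
        return "DEGRADED: $($dep.Impact)"
    }
    if ($startup -eq 'Manual' -and $dep.OnDemand) {
        return 'PENDING: will attempt to start when the firewall is enabled'
    }
    if ($dep.Hard) { return "BLOCKING while stopped: $($dep.Impact)" }
    return "DEGRADED while stopped: $($dep.Impact)"
}

foreach ($dep in $deps) {
    # Read the startup type from the registry rather than WMI,
    # because Winmgmt is itself one of the services being audited.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($dep.Name)"
    $svc = Get-Service -Name $dep.Name -ErrorAction SilentlyContinue
    if (-not $svc -or -not (Test-Path $key)) {
        "{0,-11} not found under this name on this system" -f $dep.Name
        continue
    }
    $startup = $startNames[[int](Get-ItemProperty $key).Start]
    "{0,-11} {1,-9} {2,-8} {3}" -f $dep.Name, $startup, $svc.Status,
        (Get-FirewallDependencyVerdict $dep $startup $svc.Status)
}
```

Any `BLOCKING` line identifies a service whose startup type must be corrected before Windows Firewall can be enabled; `DEGRADED` lines indicate the firewall will run with the reduced behavior the page describes.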
  • Original article: https://www.cnblogs.com/jjkv3/p/1588646.html