Nathan

My feedback

  1. 43 votes

    1 comment  ·  General Feedback » Other
    Nathan commented

    While I suspect ETW could handle the event volume for a majority of end users, my instinct is to use this opportunity to implement a flag on each firewall rule that indicates whether hits should be logged. This would provide a mechanism for high-traffic hosts to only log hits on interesting rules to reduce log volume and also allow security administrators to limit the volume of events that reach their SIEM system.

    To the actual suggestion, for my use cases, this fits under the category "Nice to Have" but is not a deterrent from using Windows Firewall. That said, outside of a lab environment, I've never used Windows Firewall Security Associations to provide IPsec between domain computers, so I have no sense for the suitability of the existing logging with respect to Security Associations. It's tabled as a future enhancement for hardening inter-server communication but likewise it's more of a "Nice to Have" rather than a priority.
