What is solicited network traffic and what is unsolicited network traffic?
Yes, solicited traffic is traffic that was initiated by you. Solicited traffic automatically gets a pass, no matter the port, because you initiated it. This alleviates a lot of the headaches of traditional firewalls, e.g., having to open up ALL the ephemeral ports, because Windows Firewall will keep track of the session state for you.
Related videos on Youtube
colemik
Updated on September 18, 2022Comments
-
colemik over 1 year
I've recently read a Microsoft Technet article on how Windows Firewall works. The author of the article uses concepts like 'solicited network traffic' and 'unsolicited network traffic' for a machine. I guess I don't fully understand the concept of those.
In relation to TCP protocol, is the solicited traffic a traffic that was initiated by a local machine?
In relation to UDP protocol, is there even sth like a solicited/unsolicited traffic or is all traffic unsolicited?
What about other protocols? (+can Windows Firewall filter those other protocols)
-
joeqwerty over 12 yearsStrange, I could swear that this was Evan Anderson's answer. My eyes must be failing me.
-
colemik over 12 yearsDoes 'initiated by me' reference only to the TCP based connection?
-
Ryan Ries over 12 yearsEven though UDP doesn't really have the concept of a "connection," most firewalls record the socket pair (source IP + port, destination IP + port) and will allow replies that fit this pattern until a timeout passes without traffic, tearing down the "connection". There is also a similar mechanism known as stateful packet inspection.