Connection Security Rules

The Connection Security Rules section of the Windows Firewall with Advanced Security console lists any rules implemented to enforce a predetermined form of authentication between two computers before establishing a true connection. 
By default, IPSec is used between two systems to ensure security of the information transmitted. When you select Connection Security Rules, there are no rules to start with. You have to add your own. So, you must select the New Rule option from the Actions pane. You are then presented with a list of options from which to choose, including

1. Isolation—This restricts connections based on such criteria as domain membership or health status. You can choose different authentication methods, such as Kerberos or computer certificate. You can ensure that if those certificates aren’t healthy (with NAP health policies), they won’t be accepted.
2. Authentication Exemption—This specifies computers that are exempt from connection authentication. You can do this through the IP address or an address range, a subnet, and so forth.
3. Server to Server—This rule authenticates connections between computers you specify. You specify the endpoints, which can be one computer on each side or groups of computers that are trusted on each side.
4. Tunnel—This rule is used to authenticate connections between gateway systems. Specified endpoints are handled through IP addresses. Authentication methods include certificates, preshared keys, or more advanced methods.
5. Custom—If none of the other rule types is appropriate, you can create a custom rule.