Windows 7 offers three types of networks, managed within the Network and Sharing Center: Home, Work, and Public. Each type allows for customization of security policies, such as which services are allowed through the Windows Firewall.
While the Home and Work types are relatively straightforward, what counts as Public is not always so. Sure, I have a string of thirty Starbucks and other Wi-Fi hotspots that are obviously Public (as I set them to be upon connection), but you may encounter Public networks defined within your system that you were never given the chance to categorize. This special case of Public is in fact a network to which you connect that does not have a defined default gateway attribute. Microsoft further decided that these “unknown” Public networks cannot be made “known” with a reassignment to another class such as Work. So what’s the best way to handle this situation should you encounter it?
There is no single answer to the best means of addressing this Windows quirk, but there are common-sense approaches that will allow consistent and predictable results. I outline one such avenue here.
One of my typical use cases is creating special networks for my clientele. For example, in the graphic above I needed to demonstrate accessing a public static NAT through a next-generation firewall from a system within the same zone and interface upon which the “public” server resided. As the demonstration system is running virtual servers which are multi-homed, firewalled with true Internet access via another interface, adding a generic default gateway is never an option. So how can you have your cake and eat it too?
The answer is simple: add a weighted gateway to the interface, then assign the connection to the zone in which you want it.
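One way to carry out the weighted-gateway step from an elevated command prompt, shown as an added example that is not part of the original post. The interface name, addresses and metric value are constructed placeholders, and the sketch assumes "weighted" means a gateway metric set high enough that the real Internet-facing default route on the other interface always wins.

```bat
@echo off
rem Added example, not from the original post. Run from an elevated cmd.exe.
rem All values below are constructed placeholders; substitute your own.
setlocal
set "IFNAME=Demo LAN"
set "ADDR=192.168.50.10"
set "MASK=255.255.255.0"
set "GW=192.168.50.1"
rem Assumption: a high gateway metric keeps this route from ever being
rem preferred over the default route on the Internet-facing interface.
set "GWMETRIC=9000"

rem 1. Record the current addressing and routes so the change can be reverted.
netsh interface ipv4 show config name="%IFNAME%"
route print -4

rem 2. Give the gateway-less interface a default gateway with a high metric.
netsh interface ipv4 set address name="%IFNAME%" source=static address=%ADDR% mask=%MASK% gateway=%GW% gwmetric=%GWMETRIC%
if errorlevel 1 (
    echo Failed to set the address and gateway on "%IFNAME%".
    exit /b 1
)

rem 3. Verify: two 0.0.0.0 routes should now exist, and the one on the
rem    Internet-facing interface must show the lower metric.
route print -4

rem 4. Assign the connection to the desired location (for example Work) in
rem    the Network and Sharing Center, then confirm which firewall
rem    profile(s) are active.
netsh advfirewall show currentprofile
endlocal
```

If step 3 shows the new route with a metric equal to or lower than the Internet-facing one, raise the gateway metric before going further, since traffic (and the firewall policy that applies to it) would otherwise follow the demonstration network.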