Windows Firewall maintains a separate profile (that is, a complete collection of settings, including rules for various programs, services, and ports) for three different network location types:
Domain: This is used when your computer is joined to an Active Directory domain. In this environment, firewall settings are typically (but not necessarily) controlled by a network administrator.
Private: This is for when your computer is connected to a home or work network in a workgroup configuration.
Public: This is intended for when your computer is connected to a network in a public location, such as an airport or library. It’s common—and recommended—to allow fewer programs and have more restrictions when you are on a public network.
If you’re simultaneously connected to more than one network (for example, if you have a Wi-Fi connection to your home network while you’re connected to your work domain through a virtual private network, or VPN, connection), Windows 7 will use the appropriate profile for each connection with a feature called multiple access firewall profiles (MAFP). (Note that this is not the case in Windows Vista, which uses the most restrictive applicable profile when the system is connected to multiple networks at the same time.)
You configure Windows Firewall settings independently for each network profile. The settings in a profile apply to all networks of the particular location type to which you connect. For example, if you allow a program through the firewall while connected to a public network, that program rule is then enabled whenever you connect to any other public network. But the program is not enabled when you’re connected to a domain or private network unless you have allowed the program in those profiles.
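To see which programs a given profile actually lets in, you can audit a saved rule listing per profile. The following is an added example, not part of the original text: it parses output in the layout of `netsh advfirewall firewall show rule name=all` (English-locale field names assumed; the rule names and sample text are constructed) and groups the enabled inbound allow rules by profile.

```python
# Constructed sample in the layout printed by
#   netsh advfirewall firewall show rule name=all
# (English-locale output assumed; rule names are invented).
SAMPLE = """\
Rule Name:                            Example Chat
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
Action:                               Allow

Rule Name:                            Example File Sharing
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
Action:                               Allow

Rule Name:                            Example Game Server
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Domain,Private,Public
Action:                               Allow
"""
PROFILES = ("Domain", "Private", "Public")

def parse_rules(text):
    """Return one dict per rule, keyed by the field names netsh prints."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:  # dashed separator rows and blank lines
            continue
        if key.strip() == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def inbound_allows_by_profile(rules):
    """Map each profile to the enabled inbound allow rules active in it."""
    active = {p: [] for p in PROFILES}
    for r in rules:
        if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == ("Yes", "In", "Allow"):
            for p in r.get("Profiles", "").split(","):
                if p.strip() in active:
                    active[p.strip()].append(r["Rule Name"])
    return active
```

In the sample, the chat program allowed on a public network appears only under Public, and the disabled rule appears under no profile even though it lists all three.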