All versions of Windows starting from XP have a built-in firewall that can be used to protect the operating system and filter all network traffic. In functionality and capabilities, the built-in Windows Firewall is not inferior to many third-party commercial firewalls: it allows you to restrict access to a computer from an external network, as well as allow or block Internet access for installed apps and services. Starting from Windows 10 1709, the built-in firewall is called Windows Defender Firewall with Advanced Security. In this article, we will show you how to set up Windows Defender Firewall on Windows 10.
To open the Windows Defender Firewall settings panel, open the classic Control Panel and go to System and Security > Windows Defender Firewall.
The screenshot below shows that Windows Defender Firewall is enabled and protects your computer.
To completely enable/disable Firewall in Windows 10, use the Turn Windows Defender Firewall on or off button.
Hint. You can also disable or enable the Windows Firewall for all profiles from PowerShell or from an elevated command prompt using the following commands (the first turns the firewall off, the second turns it back on):
netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state on
If you have misconfigured Defender Firewall and completely blocked network access, you can reset all settings using the Restore defaults button (or following the guide).
Note that Windows Defender Firewall has three network profile types:
- Domain profile – used if your computer is joined to an Active Directory domain network;
- Private profile – your computer will be discovered on the network by other devices and will be available to share files and printers (used in home networks or in a workgroup);
- Public (Guest) profile – the settings of this profile limit access to your computer from the network and its detection as much as possible. This profile is usually used in public places – hotel, airport, café.
The profile is selected by the user when connecting to a new network for the first time, or is selected automatically (in the case of a domain).
To allow/block inbound or outbound connections for a specific profile, click Advanced settings, then right-click on the root of Windows Defender Firewall with Advanced Security > Properties.
You can manage the settings for each profile on a separate tab.
Please note that by default Windows Defender Firewall in Windows 10 blocks all incoming connections and allows all outgoing ones.
If you want to block Internet access from your computer, select Outbound Connection -> Block on all three tabs. In this case, outgoing connections will be denied for all programs except those allowed (Windows 10 has several pre-configured rules for system processes: access to Windows Update, Windows Store, updating the Windows Defender antivirus signatures, etc.).
Let’s try to add the Mozilla Firefox browser to the list of allowed programs.
Click on the Allow an app or feature through Windows Defender Firewall button in the left pane. A list of allowed Windows applications and services appears. To add a new rule, click Allow another app.
Use the Browse button to specify the path to the executable file that you want to allow access to the Internet. We selected our browser’s executable file C:\Program Files\Mozilla Firefox\firefox.exe
Click OK and select for which network profiles this rule should be active.
You can configure Windows Defender Firewall rules more finely from the wf.msc console. Here you can create separate allowing or blocking rules for a specific program, protocol (TCP/UDP/ICMP/IPsec), IP address or port number.
To create a new outbound rule, right-click on Outbound Rules -> New Rule.
Next, follow a simple wizard to help you to create your own rule in Windows Defender Firewall.
In this example, we’ve enabled outbound connections for the putty.exe client.
Select Allow the connection and provide a name for the rule.
The new rule will appear in the Outbound Rules list. You can disable it via the Disable rule option in the context menu. This does not delete the rule, but it becomes inactive.
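The same outbound allow-list can be scripted with the NetSecurity cmdlets that ship with Windows 10. The script below is an added example, not part of the original article: it creates the program rules first, then switches the default outbound action to Block on all three profiles and prints the result for review. The rule names and the PuTTY path are assumptions; the Firefox path is the one used above.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps described in the article.
# Assumptions: rule display names and the PuTTY install path are illustrative.
$allowed = @(
    @{ Name = 'Allow Firefox outbound'; Path = 'C:\Program Files\Mozilla Firefox\firefox.exe' },
    @{ Name = 'Allow PuTTY outbound';   Path = 'C:\Program Files\PuTTY\putty.exe' }  # assumed path
)
$profiles = 'Domain', 'Private', 'Public'

# Record the current defaults so the change can be reviewed or reverted later.
Get-NetFirewallProfile -Name $profiles |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# Create the allow rules before flipping the default, so permitted apps keep working.
foreach ($app in $allowed) {
    if (-not (Test-Path -LiteralPath $app.Path)) {
        Write-Warning "Skipping '$($app.Name)': $($app.Path) not found"
        continue
    }
    if (Get-NetFirewallRule -DisplayName $app.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$($app.Name)' already exists"   # keep the script re-runnable
        continue
    }
    New-NetFirewallRule -DisplayName $app.Name -Direction Outbound -Program $app.Path `
        -Action Allow -Profile $profiles | Out-Null
}

# Same effect as selecting Block for outbound connections on all three profile tabs.
Set-NetFirewallProfile -Name $profiles -DefaultOutboundAction Block

# Verify: resulting defaults, then every enabled outbound allow rule with its program.
Get-NetFirewallProfile -Name $profiles |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Profile = $_.Profile
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Sort-Object Rule | Format-Table -AutoSize

# Equivalent of the Disable rule menu item: the rule stays in the list but is inactive.
# Disable-NetFirewallRule -DisplayName 'Allow PuTTY outbound'
```

The final listing also shows the pre-configured system rules mentioned earlier, which makes it a quick way to review everything that can still reach the network once the default is Block.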