Windows Server

How to create a Windows firewall rule

Windows Firewall filters incoming traffic to help block unwanted network traffic. Optionally, Windows Firewall can also filter outgoing traffic to help limit the risk of malware. Although Windows Firewall’s default settings will work well with components built into Windows, they might prevent other applications from functioning correctly.

Windows Firewall’s default settings can also be significantly improved to provide even stronger protection by requiring authorization or limiting the scope of allowed connections.

You can create this rule via the Windows Firewall console (Windows Defender Firewall with Advanced Security) or via PowerShell.

The firewall window can be accessed via the following path:
– Control Panel
– System and Security
– Windows Defender Firewall

This will open the Windows Firewall advanced settings (“Windows Defender Firewall with Advanced Security”) as shown below. In order to create an inbound filter, follow these steps. The rule types are:
Program: A rule that allows or blocks connections for a specific executable file, regardless of the port numbers it might use. You should use the Program rule type whenever possible. The only time it’s not possible to use the Program rule type is when a service does not have its own executable.
Port: A rule that allows or blocks communications for a specific TCP or UDP port number, regardless of the program generating the traffic.
Predefined: A rule that controls connections for a Windows component, such as Active Directory Domain Services, File And Printer Sharing, or Remote Desktop. Typically, Windows enables these rules automatically.
Custom: A rule that can combine program and port information.

In this method, you have two options:
– You can choose to exclude WAC from the firewall, or
– Create a firewall rule for the TCP/IP

I will opt for the option to exclude the program and select the following path:

%ProgramFiles%\Windows Admin Center\sme.exe

Click to allow connections to the program as shown below

Select the profile it should apply to. Since this is a test environment, I will select all the profiles as shown below. The firewall profiles are:
Domain: Applies when a computer is connected to its Active Directory domain. Specifically, any time a member computer’s domain controller is accessible, this profile will be applied.
Private: Applies when a computer is connected to a private network location. By default, no networks are considered private—users must specifically mark a network location, such as their home office network, as private.
Public: The default profile applied to all networks when a domain controller is not available. For example, the Public profile is applied when users connect to Wi-Fi hotspots at airports or coffee shops. By default, the Public profile allows outgoing connections but blocks all incoming traffic that is not part of an existing connection.

Enter a name and description for the firewall rule and click Finish.

Note: Further parameters can be configured to permit traffic from certain IP ranges etc. For more information, see https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule
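
The same program rule can be created from an elevated PowerShell session. The script below is an added example, not part of the original walkthrough. The rule name, the description, and the management subnet 192.0.2.0/24 are assumptions. Unlike the test setup above, it applies the rule only to the Domain and Private profiles and limits the allowed source addresses.

```powershell
#Requires -RunAsAdministrator
# Added example: PowerShell equivalent of the wizard steps described above.
# Assumptions (not from the original post): the rule name, the description and
# the management subnet (192.0.2.0/24 is a documentation range, a placeholder).

$ruleName   = 'Windows Admin Center (sme.exe) inbound'   # hypothetical rule name
$program    = Join-Path $env:ProgramFiles 'Windows Admin Center\sme.exe'
$mgmtSubnet = '192.0.2.0/24'                              # placeholder subnet

# Fail early if WAC is not installed at the expected path.
if (-not (Test-Path -LiteralPath $program)) {
    throw "Program not found: $program"
}

# Make the script safe to re-run: remove an earlier copy of the same rule.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Program rule type: allow inbound connections to sme.exe on any port.
$params = @{
    DisplayName   = $ruleName
    Description   = 'Allow inbound connections to the Windows Admin Center executable'
    Direction     = 'Inbound'
    Action        = 'Allow'
    Program       = $program
    Profile       = 'Domain, Private'   # Public profile is left out
    RemoteAddress = $mgmtSubnet         # only this range may connect
}
New-NetFirewallRule @params | Out-Null

# Read the rule back so the effective scope can be checked.
$rule = Get-NetFirewallRule -DisplayName $ruleName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Action        = $rule.Action
    Profile       = $rule.Profile
    Program       = ($rule | Get-NetFirewallApplicationFilter).Program
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}
```

The object printed at the end shows the profiles, program path and remote address range that the stored rule actually carries.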
