Windows Defender Firewall provides security for incoming and outgoing traffic flows. In this video, you’ll learn about Defender Firewall configurations and how to create a customized exception rule.
Windows includes a firewall that’s integrated into the Windows operating system. Microsoft calls this the Windows Defender Firewall, and it should always be enabled to prevent anyone from gaining unauthorized access to your system. But there may be times when you need to troubleshoot a problem, and you have to change some of the configuration settings or enable or disable the firewall. You can do that as long as you have elevated permissions in the operating system. And if you’re managing your group of devices, then you probably have the permissions you need.
If you carry around a laptop, then you’re probably already familiar with different networks having different security concerns. So Windows Defender includes two different types of security postures. One when you’re on a public network, and another one when you’re on a private network. This means when you’re at home, your system is automatically configured to allow other devices on your local network to connect to your system to be able to share files or applications.
But if you’re in a coffee shop on a public Wi-Fi network, Windows recognizes that there are other security concerns here, and it changes your security posture to be associated with the public settings. This might change Windows to prevent anyone who’s on your local network from gaining access to any of the resources on your system.
But of course, Windows Defender Firewall also gives you options to be able to customize these public and private configurations. One of the options on the main customized settings screen allows you to block all incoming connections, including those in the list of allowed apps. This prevents anyone on the network from gaining any type of access to your system or application. So if you’re on a network where some additional security might be useful, you can easily click one button and prevent anyone from connecting to your system.
When you start using Defender Firewall, you’ll start to get messages on your screen when different applications are trying to connect to your system. And you can enable or disable those notifications so that you’re either always informed when these things happen or you’re never getting a message that anyone is trying to connect to your system. Because Defender Firewall is a host-based firewall, it knows all of the applications that are running on your system at any particular time.
This means that you can customize these security settings to either allow or disallow access to that application from other people on the network. Defender Firewall includes a list of applications that you can either enable or disable access from the private network or the public network. If you wanted to customize some of these rules, you could specify a particular port number to allow or disallow access. You can also choose from some predefined exceptions or firewall rules that are already defined within Defender Firewall. And you could even create a custom firewall rule that includes a number of different criteria that would allow or disallow access.
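The profile-level settings described above (the public and private postures, the “block all incoming connections” switch, and the listen notifications) can be read and set from an elevated PowerShell prompt. This is an added example using the built-in NetSecurity cmdlets, not part of the original video.

```powershell
# Added example (run from an elevated PowerShell prompt); not from the original video.
# Maps the Control Panel options onto the NetSecurity module cmdlets.

# Show the current posture of all three profiles: whether the firewall is on,
# what happens to inbound traffic that matches no rule, and whether
# "Block all incoming connections, including those in the list of allowed apps"
# is set (that checkbox corresponds to AllowInboundRules = False).
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction, AllowInboundRules, NotifyOnListen

# Coffee-shop posture: on the Public profile, ignore every allow rule so nothing
# on the local network can reach a listening application.
Set-NetFirewallProfile -Profile Public -Enabled True -DefaultInboundAction Block -AllowInboundRules False

# Home posture: Private keeps the allow rules active and still prompts when a
# new application starts listening (the notification setting from the video).
Set-NetFirewallProfile -Profile Private -Enabled True -DefaultInboundAction Block -AllowInboundRules True -NotifyOnListen True

# Re-read the two profiles to confirm the change took effect.
Get-NetFirewallProfile -Name Public, Private | Format-Table Name, Enabled, DefaultInboundAction, AllowInboundRules, NotifyOnListen
```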
Defender Firewall is identical in both Windows 10 and Windows 11. I’m running my Windows 11 Workstation here, and this is my control panel. And inside the control panel is an option for Windows Defender Firewall. I’ll click that, and it will load the first screen for configurations on the firewall. You can see I have an option to allow an app or feature through the firewall. I can change notification settings. I can choose to turn on or off the firewall, or simply remove all of the settings and go back to defaults. And if you need to customize a rule, you can run through the advanced settings option of Defender Firewall.
Let’s look at a very simple firewall rule. We’ll click the option to allow an app or feature through Windows Defender Firewall. And here’s our list of available apps. We can choose here that we would allow people to have access to our system using something like remote desktop. And you can choose whether you would like to enable remote desktop on a private network or choose to enable it on a public network. This will allow you to decide when people would be able to connect to your system and what applications they would be able to use.
Let’s look at a more detailed firewall rule. We’ll go back to our Windows Defender Firewall front end, and we’ll choose the option for advanced settings. This will bring up a larger view that gives us a number of different options for configuring firewall rules. Let’s see what options might be available if we wanted to configure an inbound rule to this firewall.
Let’s click on inbound rules to get a list of all of the rules that are currently configured in this firewall. And you can see there are a lot of rules that are already here, most of them dealing specifically with certain applications. Let’s build a custom rule that has a lot of different options that we might be able to choose from. I’ll right-click on inbound rules, and we’ll choose the option for new rule.
We’ve already seen that we can choose a specific application to be able to allow or disallow in a rule, so let’s go through other options that we might have, for example, a port number. I’ll select port number and click next. Defender Firewall asks if this rule applies to a TCP port or a UDP port. Let’s say this is TCP related. And we’re going to specify a port that’s on our system.
Let’s say we’re running a local web server on our computer. So we might want everyone to access this server over port 80 and port 443. We’ll click next, and our other option would be to allow this connection, to allow the connection if it’s secure, in this case authenticated by IPsec, or block the connection. In our case, we would like people to have access to this web server, so we’ll choose to allow the connection.
We’ll click next, and we have the option to apply this either to a domain, to a private network, or to a public network. Let’s say that when we are in a coffee shop that we would not want someone connecting to our machine. So we’re only going to allow this if we’re on a domain network or a private network, and we will uncheck the public network.
When we click next, Defender Firewall will ask us for a name for this rule. We’ll call it inbound web server traffic. And we will click finish, and we have now created a new rule for our firewall that will work on our local domain and our private networks to let other people access our web server.
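The same rule the wizard just built, created and then verified from an elevated PowerShell prompt. This is an added example, not code from the video; the rule description text and the commented IPsec variant are my own additions, and the cmdlets are the NetSecurity module that ships with Windows 10 and 11.

```powershell
# Added example (run from an elevated PowerShell prompt); not from the original video.
# Builds the wizard's rule: inbound, TCP 80 and 443, allowed, limited to the
# Domain and Private profiles (Public left unchecked).
New-NetFirewallRule -DisplayName "inbound web server traffic" `
    -Description "Local web server reachable on domain/home networks only" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 80, 443 `
    -Action Allow `
    -Profile Domain, Private `
    -Enabled True

# The wizard's "Allow the connection if it is secure" choice is the -Authentication
# parameter; this variant only admits peers that completed IPsec authentication.
# (Constructed alternative, not the rule created in the video's walkthrough.)
# New-NetFirewallRule -DisplayName "inbound web server traffic (IPsec only)" `
#     -Direction Inbound -Protocol TCP -LocalPort 80, 443 `
#     -Action Allow -Authentication Required -Profile Domain, Private

# Verify what was actually created: the rule object plus its port filter, so a
# typo in the port list or a stray Public profile shows up before anything is exposed.
$rule = Get-NetFirewallRule -DisplayName "inbound web server traffic"
$rule | Format-List DisplayName, Enabled, Direction, Action, Profile
$rule | Get-NetFirewallPortFilter | Format-List Protocol, LocalPort

# Same check from the classic tool, for cross-referencing with the advanced settings MMC view.
netsh advfirewall firewall show rule name="inbound web server traffic"

# Cleanup when the web server is retired; stale allow rules are a common audit finding.
# Remove-NetFirewallRule -DisplayName "inbound web server traffic"
```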