Configuring Windows Defender Firewall


Windows Defender Firewall, which is included with Windows, helps prevent unauthorized users or malicious software from accessing your computer. Windows Defender Firewall does not allow unsolicited traffic, which is traffic that was not sent in response to a request, to pass through the firewall. It also allows or blocks connections to and from other computers on a network. Windows Defender Firewall is sometimes referred to as Windows Defender for short, but it should not be confused with Microsoft Defender Antivirus software.

Understanding the Windows Defender Firewall Basics

Windows Defender Firewall is the same app in Windows 10 and Windows 11, but how you access it is a bit different. The only difference is the rounded corners that Windows 11 uses. Both Windows 10 and Windows 11 use Control Panel to access Windows Defender Firewall. In Windows 10, you configure Windows Defender Firewall by clicking Start > Windows System > Control Panel > Large Icons View > Windows Defender Firewall.

In Windows 11, the easiest way to access Control Panel is by searching for the app. Then select Large Icons View > Windows Defender Firewall.

You can then decide what firewall options you want to set (as shown in Figure 15.4), such as changing firewall notifications, turning Windows Defender Firewall on or off, restoring defaults, setting advanced settings, and troubleshooting.

FIGURE 15.4 Windows Defender Firewall settings

The Windows Firewall settings screen allows you to turn Windows Firewall on or off for both private and public networks. The On setting will block incoming sources, and the Turn Off Windows Firewall setting will allow incoming sources to connect.

There is also a check box for Block All Incoming Connections. This feature allows you to connect to networks that are not secure. When Block All Incoming Connections is selected, all incoming connections (even ones allowed in the Allowed Apps list) will be blocked by Windows Firewall.

Be aware that sometimes a third-party security solution that you have installed on your device may take control of your firewall settings.

Windows Defender Firewall with Advanced Security

You can configure more advanced settings by configuring Windows Firewall with Advanced Security (WFAS) by using the Advanced Settings link (on the left-hand side) in the Windows Defender Firewall app. The Windows Defender Firewall with Advanced Security screen appears, as shown in Figure 15.5.

FIGURE 15.5 Windows Defender Firewall with Advanced Security

The scope pane to the left shows that you can set up specific inbound and outbound rules, connection security rules, and monitoring rules. The central area shows an overview of the firewall’s status when no rule is selected in the left pane. When a rule is selected, the central area shows the rule’s settings. The right pane shows the same actions as the Actions menu on the top. These are just shortcuts to the different actions that can be performed in Windows Defender Firewall. Let’s take a more detailed look at some of the elements available.

Inbound and Outbound Rules

Inbound and outbound rules consist of many preconfigured rules that can be enabled or disabled. Obviously, inbound rules (see Figure 15.6) monitor inbound traffic, and outbound rules monitor outbound traffic. By default, many are disabled. Double-clicking a rule will bring up its Properties dialog box (Figure 15.7).

FIGURE 15.7 An inbound rule’s Properties dialog box

You can filter the rules to make them easier to view. Filtering can be based on the profile the rule affects, on whether the rule is enabled or disabled, or on the rule group. You can filter a rule by clicking which filter type you want to use in the right pane or by clicking the Actions menu on the top of the screen.
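The same filtering (by profile, enabled state, and rule group) can be done from PowerShell with the built-in NetSecurity cmdlets. This is an added example, not part of the original text; it is read-only, and the choice of the Public profile is an assumption.

```powershell
# Added example: read-only audit of firewall state; makes no changes.
$profileName = 'Public'   # assumption: the profile you want to review

# On/off state and default actions for each profile.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# Enabled inbound allow rules that apply to the chosen profile
# (rules whose profile is "Any" apply to every profile).
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { "$($_.Profile)" -match "Any|$profileName" } |
    ForEach-Object {
        # Port and program details live in separate filter objects.
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Group     = $_.DisplayGroup
            Rule      = $_.DisplayName
            Profile   = $_.Profile
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort -join ','
            Program   = $app.Program
        }
    } |
    Sort-Object Group, Rule |
    Format-Table -AutoSize -Wrap
```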

If you can’t find a rule that is appropriate for your needs, you can create a new rule by right-clicking Inbound Rules or Outbound Rules in the scope pane and then selecting New Rule. The New Inbound (or Outbound) Rule Wizard will launch, and you will be asked whether you want to create a rule based on a particular program, protocol or port, predefined category, or custom settings.

As you are setting up the firewall rules, you have the ability to configure authenticated exceptions. No matter how well your system security is set up, there are almost always times when computers on your network can’t use IPsec. This is when you set up authenticated exceptions. It’s important to understand that when you set up these authenticated exceptions, you are reducing the security of the network because it allows computers to send unprotected IPsec network traffic. So, make sure that the computers that are added to the authenticated exceptions list are managed and trusted computers only.

Table 15.1 shows you some of the most common port numbers and what those port numbers are used for.

TABLE 15.1 Common port numbers

Port number    Associated application or service
20             FTP Data
21             FTP Control
22             Secure Shell (SSH)
23             Telnet
25             SMTP
53             DNS
67/68          DHCP/BOOTP
80             HTTP
102            Microsoft Exchange Server
110            POP3
443            HTTPS (HTTP with SSL)

Complete Exercise 15.2 to create a new inbound rule that will allow only encrypted TCP traffic.

EXERCISE 15.2

Creating a New Inbound Rule

  1. Open Control Panel and select Large Icons View > Windows Defender Firewall.
  2. Click Advanced Settings on the left side.
  3. Right-click Inbound Rules and select New Rule.
  4. Select a rule type. For this exercise, select Custom so that you can see all the options available to you. Then click Next.
  5. On the Program page, choose All Programs. Then click Next.
  6. Select the protocol type as well as the local and remote port numbers that are affected by this rule. For this exercise, choose TCP, and ensure that All Ports is selected for both Local Port and Remote Port. Click Next to continue.
  7. On the Scope page, choose Any IP Address for both Local and Remote. Then click Next.
  8. On the Action page, select Allow The Connection Only If It Is Secure. Click Next.
  9. On the Users page, you can experiment with these options if you want by entering users to both sections. Once you click one of the check boxes, the Add and Remove buttons become available. Click Next to continue.
  10. On the Computers page, you can choose what computers you will authorize or allow through this rule (exceptions). Again, you can experiment with these options if you want. Click Next to continue.
  11. On the Profiles page, select which profiles will be affected by this rule. Select one or more profiles and click Next.
  12. Give your profile a name and description, and then click Finish. Your custom rule will appear in the list of inbound rules, and the rule will be enabled.
  13. Double-click your newly created rule. Notice that you can change the options that you previously configured.
  14. Delete the rule by right-clicking it and choosing Delete. A dialog box will appear asking if you are sure. Click Yes.
  15. Close the Windows Firewall.
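The exercise above can also be carried out from an elevated PowerShell session with the built-in NetSecurity cmdlets. This is an added example, not part of the original exercise; the rule name, description, and the choice of the Domain and Private profiles are assumptions, and encryption is requested explicitly to match the stated goal of allowing only encrypted TCP traffic.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of Exercise 15.2.
# The rule name, description, and profile selection are constructed for illustration.
$ruleName = 'Exercise 15.2 - Secure TCP only'

# Custom rule, all programs (the default), TCP, all ports, any address,
# allowed only when the connection is authenticated and encrypted.
$rule = New-NetFirewallRule `
    -DisplayName $ruleName `
    -Description 'Allow inbound TCP only over IPsec-protected connections' `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort Any -RemotePort Any `
    -LocalAddress Any -RemoteAddress Any `
    -Profile Domain, Private `
    -Action Allow `
    -Authentication Required `
    -Encryption Required

# Review what was created: the port and security settings are stored
# in filter objects associated with the rule.
$port = $rule | Get-NetFirewallPortFilter
$sec  = $rule | Get-NetFirewallSecurityFilter
[pscustomobject]@{
    Rule           = $rule.DisplayName
    Enabled        = $rule.Enabled
    Profile        = $rule.Profile
    Protocol       = $port.Protocol
    LocalPort      = $port.LocalPort
    Authentication = $sec.Authentication
    Encryption     = $sec.Encryption
} | Format-List

# Clean up, as in the final steps of the exercise.
Remove-NetFirewallRule -DisplayName $ruleName
```

A rule that requires authentication only matches traffic that IPsec has already protected, so in production it needs a matching connection security rule on both computers; without one, no traffic is allowed by this rule.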
