Check-out our new look and give us some feedback!

Windows Firewall Basics

Posted on by David Singer | Updated:
Reading Time: 8 minutes

A firewall is a program installed on your computer or a piece of hardware that uses a rule set to block or allow access to a computer, server or network. It separates your internal network from the external network (the Internet).

Firewalls can permit traffic to be routed through a specific port to a program or destination while blocking other malicious traffic. A firewall can be a hardware, software, or a blending of both.

In this tutorial we'll be covering:

How Does A Firewall Operate?

The firewall has two network connections. One is facing outward towards the WAN (wide area network or Internet), and the other one is facing inwards towards your private network or LAN (local area network).These firewall connections allow for specific traffic to travel from one side one the network to the other.A firewall seperates a private network from a public network.

A firewall faces outward towards WAN while the other side faces inward towards a LAN.
Picture Credit: Bruno Pedrozo
Stateful or Stateless?

There are two types of firewalls; Stateful or Stateless.

Stateful firewalls keep track of the state or type of connection that is made and can remember specific traits of that connection. For example, if you connect to a server via FTP, the connection details are noted and retained by the firewall and will allow that traffic to pass back and forth unchecked. Other traits may include details like the IP address or ports participating in the actual connection.

Stateless firewalls block or allow Internet traffic to a server based on a firewall ruleset or, the origin and destination web addresses requested by the server. Stateless firewalls do not inspect the packets of information sent to or from the server.

How Do I Access The Windows Server Firewall?

The windows firewall interface can be accessed multiple ways. The first way we will look at is via the windows search function.

  1. Login to your server using your preferred remote desktop application.
  2. Click the search icon and type in “firewall“. Then, click on the “Windows Firewall with Advanced Security” icon.On a Windows server, click on the search icon and type "firewall" and then click on "Windows Firewall with Advanced Security" to access this built-in firewall.
  3. This will open the firewall management interface.

The second way to access the Windows firewall interface is via the Start menu.

  1. Click on the Windows Start button in the lower left corner of the screen.
  2. Click on the Windows Administrative Tools action box.
  3. Then, click on the Windows Firewall with Advanced Security.

In this general overview, you can verify that the firewall is up and running and also show what each profiles current settings are.

What Are Profiles?

Profiles are simply a grouping of firewall rules dependent on where a server is connected.

Domain Profile: This profile is used when the server is connected to a domain controller, which in turn is controlling a windows domain. This profile should be the least restrictive of the other domain profiles because security is usually very well controlled.

Note:
Since a server can only be joined to one domain at a time, if it is not joined to the Domain Profile noted above, it will be joined to a Public or Private network. The following two profiles are where the server will then be joined.

The Windows Firewall shows the different kinds of profiles it employs.

Private Profile: This profile is used if the server is part of or within a private network not directly connected to the Internet. In these cases, the server will be behind a router or hardware firewall. (This profile should be less restrictive than the domain profile above because security is usually well controlled)

Public Profile: This profile is used when the server is connected directly to a public network like a restaurant, library or airport. (This profile should be the most restrictive because security is usually not well controlled or uncontrolled)

How Do I Turn Windows Firewall On or Off

  1. To turn the Windows Firewall off or on, open the firewall using one of the methods listed above in the “How Do I Access The Windows Server Firewall?” section.Windows Firewall Properties
  2. Once open, click on the Windows Firewall Properties link below the profile section.
  3. This will open a dialog box denoting the three different profiles discussed earlier (as well as the IPsec Settings tab)Windows Firewall Properties dialog box
  4. Under the Domain Profile tab, click on the Firewall state dropdown menu and select off.
  5. Depending on your settings and need, you can also disable the Firewall of the other profiles(highlighted in red above).
  6. Once you have disabled the firewall for the selected profile, click Apply, then OK.
  7. To turn the Firewall back on, simply reverse the process. Select the Profile you wish to enable the firewall for, click on the dropdown and select On (recommended).
  8. Once you have re-enabled the firewall for the selected profile, click Apply, then OK.

What the Windows Firewall Blocks And What It Does Not

There are several basic behaviors of the Windows Firewall.

  1. Windows Firewall never blocks outgoing traffic.
    Any requests sent out from the server will not be hindered in any way.
  2. Windows Firewall blocks all incoming traffic except for traffic that is in responses to a request.
    This means that if you make a request to Google, Google’s inbound reply to your outbound request will not be blocked.
  3. Windows Firewall blocks all other traffic.
    This means that any traffic not explicitly allow is blocked in the firewall.

There are two kinds of exceptions included in the basic firewall behavior: Port Exceptions and Program Exception.

Port exception:

Port exceptions are linked to a port you open via a firewall rule or, a port you open that is limited by IP via a firewall rule.

  • Windows Firewall does not block inbound traffic that is routed through a port you have specifically opened.
    If you have opened port 2302 (UDP) to play Halo: Combat Evolved, (because who doesn’t love a little Halo action) the firewall rule will allow the game’s info to be transmitted back and forth over the internet without interference.

Open a Port in the Firewall

  1. In the Windows Firewall with Advanced Security window, right-click Inbound Rules, and then click New Rule in the action pane.
  2. Rule Type dialog box, select Port and then click Next.Rule Type dialog box
  3. In the Protocol and Ports dialog box, select TCP. Then select Specific local ports, and then type the port number.The Protocol and Ports dialog box you'll want to select TCP for FTP connections.
  4. In the Action dialog box, select Allow the connection and then click Next.Selecting "Allow the connection" is one of the steps in opening a port in your Window's firewall.
  5. In the Profile dialog box, select any profiles that apply and then click Next.When setting up a firewall you must choose the type of profile to apply.
  6. In the Name dialog box, type a name and description for this rule, and then click Finish.When opening up a Window's Firewall port you'll be asked to name the rule.
  7. At this point, you will be dropped back to the main firewall screen. The newly opened port will also be listed on the right side of the window, with options to delete, copy or disable.You will now see a new rule in the Main Firewall rules in the center section,as well as a new listing in the right window panel.

Close a Port in the Firewall

  1. To remove a specific rule, start at the basic firewall view.
  2. Select Inbound Rules in the top left window panel.
  3. Select the rule you would like to remove and either right-click the rule and click delete or…Remove a rule by right-clicking the rule to delete.
  4. Select the rule from the right-hand window pane (in this case, FTP 21), and click on Delete.
  5. A dialog box will pop up asking you to confirm the rule removal, click Yes.
    Rule deleted!
    Program exception:
    A program exception is where a firewall rule is set up to ignore inbound and outbound traffic from a specific program. Windows Firewall will let you create firewall rules to allow traffic through a specific port from a limited range of IP addresses. Let’s say you want to upload a picture via FTP to your server from your home and your IP address range used is 10.0.0.1 – 10.0.0.5. You can link that newly opened port to accept only IP’s in the range of 10.0.0.1 – 10.0.0.5 so only those IP’s can reach the server via FTP.

Open a Port in the Firewall for a Program:

  1. Click on the “Inbound Rules” option on the top left of the firewall interface. Then, click on the “New rule…
  2. Under “Rule Type”, select the option “Program” and then click “Next”.For a firewall rule to be applied to a specific program, create a new rule and then select program in the Rule Type section.
  3. Next, select the option “This Program path” and click “Next”.
  4. In this field, you can begin typing the path/location of the program to allow. In this case, we selected Windows Mail and click “Next”.Browse the program path when inputting a new rule.
  5. Next, we select the option “Allow the connection” and then click “Next”.
  6. Select the profile the rule will be applied to. (We have allowed all three for demonstration purposes. Your selection may vary.)
  7. Select a name and description for this rule and then Click “Finish”.
  8. At this point, you will be dropped back to the main firewall screen. You will now see a new rule in the Main Firewall rules in the center section, as well as a new listing in the right window pane

Close A Port in the Firewall for a Program

Removing a port for a specific program is a lot easier than opening it! To remove an existing rule for a program:

  1. Go back into the firewall’s main interface
  2. Click on “Inbound Rules” in the left window pane.
  3. Select the rule you would like to remove (we are going to remove the FTP rule we added earlier). Rght-click on the rule which will open a context menu. Then click Delete.Remove the rule within the Windows Firewall interface.
  4. Another dialog box will pop up asking you to confirm the rule removal, click yes.

In summary, the windows firewall passes all outgoing traffic and allows incoming responses to that outbound traffic, allows incoming port/program exceptions and rejects all other incoming traffic. Overall, the windows firewall is a robust, easily configurable security feature that will provide the needed levels of protection to keep your server safe.

About the Author: David Singer

I am a g33k, Linux blogger, developer, student, and former Tech Writer for Liquidweb.com. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....

Refer a Friend
Get 33% off the first 3 months on a new VPS!
Categories
Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

1.800.580.4985
1.517.322.0434

Latest Articles

Tutorials

How to Edit Your DNS Hosts File

Read Article
Getting Started

How to Edit Your DNS Hosts File

Read Article
Security Bulletins

Microsoft Exchange Server Security Update

Read Article
Technical Support

How to Monitor Your Server in WHM

Read Article
WHM + cPanel

How to Monitor Your Server in WHM

Read Article