Windows Firewall overview

Windows Firewall is a security feature that helps to protect your device by filtering network traffic that enters and exits your device. This traffic can be filtered based on several criteria, including source and destination IP address, IP protocol, or source and destination port number. Windows Firewall can be configured to block or allow network traffic based on the services and applications that are installed on your device. This allows you to restrict network traffic to only those applications and services that are explicitly allowed to communicate on the network.

Windows Firewall is a host-based firewall that is included with the operating system and enabled by default on all Windows editions.

Windows Firewall supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that can't be authenticated as a trusted device can't communicate with your device. You can use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user.
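The following PowerShell session is an added example and is not code from the Microsoft page. It builds the two pieces the paragraph describes: an IPsec connection security rule that requires Kerberos machine authentication and ESP encryption for inbound SMB (TCP 445) on the domain profile, and a firewall rule that only allows the connection if it is secure and encrypted. Run it in an elevated session on a domain-joined machine; the set names and display names are hypothetical.

```powershell
# Added example (not from the Microsoft page): require IPsec machine
# authentication (Kerberos) plus ESP encryption for inbound SMB on the
# Domain profile. Unauthenticated peers cannot connect, and a packet
# analyzer on the wire sees only ESP payloads. Names are hypothetical.

# 1. Phase 1 (main mode) authentication: computer Kerberos credentials.
$authProposal = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -Name 'Contoso-MachineKerberos' `
    -DisplayName 'Machine Kerberos auth' -Proposal $authProposal

# 2. Quick mode crypto set: ESP encapsulation, AES-256, SHA-256 integrity.
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP `
    -ESPHash SHA256 -Encryption AES256
$quickMode = New-NetIPsecQuickModeCryptoSet -Name 'Contoso-ESP-AES256' `
    -DisplayName 'ESP AES256/SHA256' -Proposal $qmProposal

# 3. Connection security rule. Inbound SMB must be protected; outbound
#    requests protection but falls back to clear text if the peer cannot.
New-NetIPsecRule -DisplayName 'Require IPsec for inbound SMB' `
    -Mode Transport -Protocol TCP -LocalPort 445 `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -QuickModeCryptoSet $quickMode.Name `
    -Profile Domain | Out-Null

# 4. Firewall rule that allows the connection only when it is both
#    authenticated and encrypted ("Allow the connection if it is secure"
#    in the MMC snap-in). Without this, a connection security rule alone
#    does not open the port.
New-NetFirewallRule -DisplayName 'SMB in (IPsec + encryption required)' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -Authentication Required -Encryption Required `
    -Profile Domain -Action Allow | Out-Null

# Verify the rule, then inspect live security associations after a peer
# connects: main mode SAs show who authenticated, quick mode SAs show
# the negotiated ESP algorithms.
Get-NetIPsecRule -DisplayName 'Require IPsec for inbound SMB' |
    Select-Object DisplayName, InboundSecurity, OutboundSecurity, Enabled
Get-NetIPsecMainModeSA  | Format-List
Get-NetIPsecQuickModeSA | Format-List
```

Keep the outbound side at Request rather than Require until every peer the machine talks to can negotiate IPsec; otherwise the first unprotected server breaks connectivity. Clean up with Remove-NetIPsecRule, Remove-NetFirewallRule, Remove-NetIPsecPhase1AuthSet and Remove-NetIPsecQuickModeCryptoSet using the display names above.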

Windows Firewall also works with Network Location Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. For example, Windows Firewall can apply the public network profile when the device is connected to a coffee shop Wi-Fi network, and the private network profile when the device is connected to the home network. This allows you to apply more restrictive settings to public networks to help keep your device secure.

Screenshot showing the Windows Security app.

Practical applications

Windows Firewall offers several benefits to address your organization's network security challenges:

Windows edition and licensing requirements

The following table lists the Windows editions that support Windows Firewall:

Edition                    Supported
Windows Pro                Yes
Windows Enterprise         Yes
Windows Pro Education/SE   Yes
Windows Education          Yes

Windows Firewall license entitlements are granted by the following licenses:

License                          Entitled
Windows Pro/Pro Education/SE     Yes
Windows Enterprise E3            Yes
Windows Enterprise E5            Yes
Windows Education A3             Yes
Windows Education A5             Yes

For more information about Windows licensing, see Windows licensing overview.

Concepts

The default behavior of Windows Firewall is to:

Firewall rules

Firewall rules identify allowed or blocked network traffic, and the conditions for this to happen. The rules offer an extensive selection of conditions to identify traffic, including:

Firewall profiles

Windows Firewall offers three network profiles: domain, private and public. Each rule is assigned to one or more of these profiles, and only the rules assigned to the currently active profile are enforced. For example, you can allow a specific application to communicate on a private network, but not on a public network.
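The following PowerShell script is an added example, not code from the Microsoft page, covering both the rule conditions described under "Firewall rules" and the profile scoping described here. It creates an inbound allow rule scoped to the private profile only, reads back each condition from the rule's filter objects, and finishes with an audit query that a practitioner would run to find inbound allow rules that reach the public profile. Run it elevated; the display name, program path, port and subnet are hypothetical.

```powershell
# Added example (not from the Microsoft page): an inbound allow rule that
# applies only while the Private profile is active. Values are hypothetical.

$ruleName = 'Contoso Agent inbound (Private only)'

# Remove an earlier copy so the script can be re-run cleanly.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Conditions: direction, program, protocol, local port, remote subnet and
# profile. The default inbound action is Block, so because this rule is
# not assigned to Public, the same traffic is dropped on public networks
# without needing an explicit block rule.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound `
    -Program 'C:\Program Files\Contoso\agent.exe' `
    -Protocol TCP `
    -LocalPort 8443 `
    -RemoteAddress 192.168.1.0/24 `
    -Profile Private `
    -Action Allow | Out-Null

# Read the rule back. Each condition lives in its own filter object.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$rule | Select-Object DisplayName, Enabled, Direction, Action, Profile
$rule | Get-NetFirewallApplicationFilter | Select-Object Program
$rule | Get-NetFirewallPortFilter        | Select-Object Protocol, LocalPort
$rule | Get-NetFirewallAddressFilter     | Select-Object RemoteAddress

# Audit check: enabled inbound Allow rules that apply on the Public profile.
# A Profile of 'Any' means the rule applies to all three profiles.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { "$($_.Profile)" -match 'Public|Any' } |
    Select-Object DisplayName, Profile |
    Sort-Object DisplayName
```

The audit query is the useful part for hardening: every hit is a listening service exposed on hotspot-class networks and should be either scoped down with -Profile or disabled.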

Domain network

The domain network profile is automatically applied to a device that is joined to an Active Directory domain, when it detects the availability of a domain controller. This network profile cannot be set manually.

Tip

Another option to detect the domain network is to configure the policy settings in the NetworkListManager Policy CSP, which applies to Microsoft Entra joined devices too.

Private network

The private network profile is designed for private networks such as a home network. It can be set manually on a network interface by an administrator.

Public network

The public network profile is designed with higher security in mind for public networks, like Wi-Fi hotspots, coffee shops, airports, hotels, etc. It's the default profile for unidentified networks.

Tip

Use the PowerShell cmdlet Get-NetConnectionProfile to retrieve the active network category (NetworkCategory). Use the PowerShell cmdlet Set-NetConnectionProfile to switch the category between private and public.
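The following PowerShell script is an added example, not code from the Microsoft page. It shows Get-NetConnectionProfile and Set-NetConnectionProfile together with the caveat from the "Domain network" section: the domain category is assigned by Network Location Awareness and cannot be set manually, so the script only reports it, and it moves any private network that is not on a (hypothetical) trusted list to public. Run it elevated.

```powershell
# Added example (not from the Microsoft page): report the network category
# of every connected interface and force untrusted Private networks to
# Public. The trusted-network names are hypothetical.

$trustedNetworks = @('HomeLAN', 'Lab-5GHz')   # networks allowed to stay Private

foreach ($conn in Get-NetConnectionProfile) {
    $label = '{0} ({1})' -f $conn.Name, $conn.InterfaceAlias
    switch ($conn.NetworkCategory) {
        'DomainAuthenticated' {
            # Assigned by NLA when a domain controller is reachable. It cannot
            # be changed with Set-NetConnectionProfile, so only report it.
            Write-Host "$label : Domain (managed by NLA, left unchanged)"
        }
        'Private' {
            if ($trustedNetworks -contains $conn.Name) {
                Write-Host "$label : Private (trusted, left unchanged)"
            } else {
                Set-NetConnectionProfile -InterfaceIndex $conn.InterfaceIndex `
                    -NetworkCategory Public
                Write-Host "$label : Private -> Public (not on trusted list)"
            }
        }
        default {
            Write-Host "$label : $($conn.NetworkCategory) (left unchanged)"
        }
    }
}

# Confirm the result. The firewall now enforces the rules of each
# interface's new category.
Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, NetworkCategory, IPv4Connectivity
```

Matching on the network name is a convenience for a lab script; names are chosen by whoever controls the access point, so do not treat them as proof of a trusted network in a production baseline.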

Disable Windows Firewall

Microsoft recommends that you don't disable Windows Firewall because you lose other benefits, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, Windows Service Hardening, and boot time filters. Non-Microsoft firewall software can programmatically disable only the rule types of Windows Firewall that need to be disabled for compatibility. You shouldn't disable the firewall yourself for this purpose. If disabling Windows Firewall is required, don't disable it by stopping the Windows Firewall service (in the Services snap-in, the display name is Windows Defender Firewall and the service name is MpsSvc). Stopping the Windows Firewall service isn't supported by Microsoft and can cause problems, including:

The proper method to disable the Windows Firewall is to disable the Windows Firewall Profiles and leave the service running. See Manage Windows Firewall with the command line for detailed steps.
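The following PowerShell script is an added example, not code from the Microsoft page. It performs the supported procedure described above: disable all three profiles with Set-NetFirewallProfile, confirm that the MpsSvc service is still running, and restore the profiles afterwards. The unsupported Stop-Service call is present only as a commented-out line to name what must not be done. Run it elevated.

```powershell
# Added example (not from the Microsoft page): the supported way to turn the
# firewall off is to disable the profiles while MpsSvc keeps running.

# Before: current state of each profile and of the service.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
Get-Service -Name MpsSvc | Select-Object Name, DisplayName, Status, StartType

# Supported: disable the profiles. IPsec connection security rules, Windows
# Service Hardening and boot-time filters remain available because the
# service stays up.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled False
# Equivalent netsh command:  netsh advfirewall set allprofiles state off

# Unsupported, do NOT do this (left commented out on purpose):
# Stop-Service -Name MpsSvc -Force

# Verify: every profile off, service still running.
$enabledProfiles = Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'True' }
$service = Get-Service -Name MpsSvc
if ($enabledProfiles -or $service.Status -ne 'Running') {
    Write-Warning 'Unexpected state: a profile is still enabled or MpsSvc is not running.'
} else {
    Write-Host 'Firewall profiles disabled; MpsSvc still running (supported configuration).'
}

# Restore the default, secure state once troubleshooting is finished.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
Get-NetFirewallProfile | Select-Object Name, Enabled
```

If Group Policy or an MDM policy manages the profiles, Set-NetFirewallProfile changes the local store only and the policy setting continues to win; check the PolicyStore column of Get-NetFirewallProfile -PolicyStore ActiveStore before concluding that the firewall is actually off.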

Next steps

Provide feedback

To provide feedback for Windows Firewall, open Feedback Hub (WIN+F) and use the category Security and Privacy > Network protection.