How to Manage Inbound and Outbound Rules on Windows 10 Defender Firewall

In this tutorial we cover the basics and some advanced features of the native Windows 10 firewall. In summary, we explain some basic host firewall configuration and demonstrate practical scenarios for blocking or allowing inbound and outbound traffic to or from a host running Windows 10.

Presentation of Windows Defender Firewall and some basic terminology

The main function of the Windows Defender Firewall is to track the operating state and characteristics of the network connections traversing it. The firewall is configured to distinguish legitimate network packets for different types of connections. Only packets matching a known active connection are allowed to pass the firewall.

Below is a presentation of the Windows Defender Firewall. We can see the options for configuring inbound and outbound connection rules and for performing active monitoring.



 

  • Inbound Rules: define which traffic is allowed to reach the laptop, on which ports and from which sources. If no inbound rules are configured, no incoming traffic is permitted.

  • Outbound Rules: define which traffic is allowed to leave the laptop, on which ports and to which destinations.

Inbound Rules

The screen capture below shows a list of services that have open ports to receive incoming connections from the internet. The Teams.exe service, which is the Microsoft collaboration platform, is used to demonstrate inbound rule settings.





The service is disabled, as shown below.




Teams experiences a connection outage because its inbound (incoming) connections have been blocked in the firewall.




Re-enabling the inbound rule for Teams allows the application to get back online.






The green tick on the profile picture shows that connectivity has been re-established.





 

Outbound Rules

Outbound rules, on the other hand, concern connections that are initiated by a specific list of services towards the internet or an adjacent network. In this scenario the Microsoft Edge browser will be disabled, and hence stopped from sending HTTP requests to the internet.









Disabling the Microsoft Edge browser from its context menu:







Outgoing connections from Microsoft Edge to the internet (google.com) are blocked. In the screenshot below, the web site is unreachable.
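
The two scenarios above can also be driven from an elevated PowerShell prompt with the built-in NetSecurity cmdlets; this is an added example, not part of the original tutorial. It assumes Teams rules are bound to a program named Teams.exe and that Edge sits at its default install path, uses a hypothetical rule name, and handles the outbound case with an explicit block rule rather than the context-menu action shown in the screenshots.

```powershell
#Requires -RunAsAdministrator
# Added example: the tutorial's GUI steps done with the NetSecurity module.
# Assumptions: Teams rules point at ...\Teams.exe; Edge is at its default path.

$EdgePath  = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe"  # assumed default path
$BlockName = 'Tutorial - Block Edge outbound'                                   # hypothetical rule name

function Get-ProgramRule {
    # Return firewall rules whose application filter matches a program path pattern.
    param(
        [Parameter(Mandatory)][string]$ProgramLike,
        [Parameter(Mandatory)][ValidateSet('Inbound', 'Outbound')][string]$Direction
    )
    Get-NetFirewallApplicationFilter |
        Where-Object { $_.Program -like $ProgramLike } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq $Direction }
}

# --- Inbound scenario: disable, observe, then re-enable the Teams rules ---
$teamsRules = @(Get-ProgramRule -ProgramLike '*\Teams.exe' -Direction Inbound)
if ($teamsRules.Count -gt 0) {
    $teamsRules | Format-Table DisplayName, Enabled, Action, Profile -AutoSize

    $teamsRules | Disable-NetFirewallRule
    Read-Host 'Inbound Teams rules disabled. Check Teams, then press Enter to re-enable'
    $teamsRules | Enable-NetFirewallRule
} else {
    Write-Warning 'No inbound rule found for Teams.exe on this host.'
}

# --- Outbound scenario: explicit block rule for Edge (created only once) ---
if (-not (Get-NetFirewallRule -DisplayName $BlockName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $BlockName -Direction Outbound `
        -Action Block -Program $EdgePath -Profile Any | Out-Null
}

# Review every outbound rule that applies to Edge, including the new block rule.
Get-ProgramRule -ProgramLike '*\msedge.exe' -Direction Outbound |
    Format-Table DisplayName, Enabled, Action, Profile -AutoSize

# Roll back the outbound change once the test is finished.
Read-Host 'Edge outbound traffic is blocked. Press Enter to remove the block rule'
Remove-NetFirewallRule -DisplayName $BlockName
```

Listing the rules before and after each change gives a record of what was modified, which is useful when the same steps are applied to more than one machine.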





 

Summary

The Windows 10 Defender Firewall enables the user or administrator to manage incoming and outgoing connection requests to and from a given endpoint running Windows 10.
 
