In this tutorial we cover the basics and some advanced features of the native Windows 10 firewall. We explain basic host firewall configuration and demonstrate practical scenarios for blocking or allowing inbound and outbound traffic to or from a host running Windows 10.
Presentation of Windows Defender Firewall and some basic terminology
The main function of Windows Defender Firewall is to track the operating state and characteristics of the network connections traversing it. The firewall is configured to distinguish legitimate network packets for different types of connections. Only packets matching a known active connection are allowed to pass the firewall.
Below is a presentation of Windows Defender Firewall. We can see options for configuring inbound and outbound connection rules and for performing active monitoring.
- Inbound Rules: define which traffic is allowed to reach the laptop, on which ports and from which sources. If no inbound rules are configured, no incoming traffic is permitted.
- Outbound Rules: define which traffic is allowed to leave the laptop, on which ports and to which destinations.
The screen capture below shows a list of services that have open ports to receive incoming connections from the internet. The Teams.exe service, which is the Microsoft collaboration platform, is used to demonstrate inbound rule settings.
The service is disabled, as shown below.
Teams experiences a connection outage because inbound (incoming) connections have been blocked in the firewall.
Re-enabling the inbound rule for Teams allows the application to get back online.
The green tick on the profile picture shows that connectivity has been re-established.
Outbound rules, on the other hand, concern connections initiated by a specific list of services towards the internet or an adjacent network. In this scenario the Microsoft Edge browser will be disabled and therefore stopped from sending HTTP requests to the internet.
Disabling the Microsoft Edge browser in its context menu.
Outgoing connections from Microsoft Edge to the internet (google.com) are blocked. In the screenshot below, the website is unreachable.
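The same rule changes can be made and verified from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. The script below is an added example, not part of the original tutorial; the helper names `Get-AppFirewallRule` and `Set-AppFirewallRuleState` and the program patterns `*\Teams.exe` and `*\msedge.exe` are assumptions to adapt to the rules present on your host.

```powershell
#Requires -RunAsAdministrator
# Added example. Helper names and program patterns are assumptions, not from the tutorial.

function Get-AppFirewallRule {
    param(
        [Parameter(Mandatory)][string]$ProgramPattern,   # wildcard on the rule's program path
        [Parameter(Mandatory)][ValidateSet('Inbound','Outbound')][string]$Direction
    )
    # The program path lives on the application filter; map each match back to its rule.
    Get-NetFirewallApplicationFilter -All |
        Where-Object { $_.Program -like $ProgramPattern } |
        ForEach-Object {
            $program = $_.Program
            $_ | Get-NetFirewallRule | Where-Object { $_.Direction -eq $Direction } |
                ForEach-Object {
                    $port = $_ | Get-NetFirewallPortFilter
                    [pscustomobject]@{
                        Name        = $_.Name
                        DisplayName = $_.DisplayName
                        Enabled     = $_.Enabled
                        Action      = $_.Action
                        Protocol    = $port.Protocol
                        LocalPort   = $port.LocalPort -join ','
                        Program     = $program
                    }
                }
        }
}

function Set-AppFirewallRuleState {
    param(
        [Parameter(Mandatory)][string]$ProgramPattern,
        [Parameter(Mandatory)][ValidateSet('Inbound','Outbound')][string]$Direction,
        [Parameter(Mandatory)][bool]$Enabled
    )
    $rules = @(Get-AppFirewallRule -ProgramPattern $ProgramPattern -Direction $Direction)
    if ($rules.Count -eq 0) { Write-Warning "No $Direction rule matches $ProgramPattern"; return }
    foreach ($r in $rules) {
        if ($Enabled) { Enable-NetFirewallRule -Name $r.Name } else { Disable-NetFirewallRule -Name $r.Name }
    }
    Get-AppFirewallRule -ProgramPattern $ProgramPattern -Direction $Direction  # confirm new state
}

# The per-profile default action decides what happens to traffic that matches no enabled rule.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

Set-AppFirewallRuleState -ProgramPattern '*\Teams.exe'  -Direction Inbound  -Enabled $false
Set-AppFirewallRuleState -ProgramPattern '*\Teams.exe'  -Direction Inbound  -Enabled $true
Set-AppFirewallRuleState -ProgramPattern '*\msedge.exe' -Direction Outbound -Enabled $false
```

Each call returns the matching rules with their `Enabled` and `Action` values after the change, so the result can be checked without opening the firewall console.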
The Windows 10 Defender Firewall enables the user or administrator to manage incoming and outgoing connection requests to and from a given endpoint running Windows 10.