What is Windows Firewall?

A firewall is a security system that monitors and controls network traffic entering and leaving your computer. Think of it as a security checkpoint between your computer and the network: every connection attempt is inspected, and only those that match the allowed rules are permitted through.

Windows Defender Firewall (previously called Windows Firewall) is built into every version of Windows since XP SP2. It runs as a core operating system service and cannot be uninstalled, though it can be enabled or disabled. By default, it blocks unsolicited inbound connections while allowing all outbound connections.

Note: Firewall vs. antivirus have different jobs.

An antivirus (like Defender) scans files for malicious content. A firewall controls which programs can communicate over the network. You need both working together for comprehensive protection. A file that passes antivirus checks could still send your data to an attacker if the firewall does not block the connection.

How the Firewall Makes Decisions

When a network connection is attempted, the firewall evaluates it against its rules in the following order:

  1. Block rules: If a block rule matches the connection, it is dropped immediately, regardless of any allow rules.
  2. Allow rules: If an allow rule matches, the connection is permitted.
  3. Default behavior: If no rule matches, the default profile behavior applies (typically: block inbound, allow outbound).

Checking Firewall Status

Before making any changes, you should verify whether the firewall is currently active and which profile is in use.

Method 1: Windows Security App

1. Open Windows Security from the Start menu or by clicking the shield icon in the system tray.
2. Click Firewall & network protection. You will see three network profiles listed: Domain, Private, and Public. The currently active profile is labeled "(active)".
3. Each profile displays whether the firewall is On or Off. All three should show "Firewall is on" with a green checkmark.

Method 2: PowerShell

Open PowerShell as Administrator and run:

Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction

Expected output for a properly configured system:

Name    Enabled DefaultInboundAction DefaultOutboundAction
----    ------- -------------------- ---------------------
Domain     True                Block                 Allow
Private    True                Block                 Allow
Public     True                Block                 Allow

Method 3: Command Prompt (netsh)

netsh advfirewall show allprofiles state

Warning: All three profiles must be enabled.

Some users disable the firewall for the Private profile thinking their home network is safe. This is a mistake. Malware on another device in your network, a compromised router, or a guest on your Wi-Fi can all attack your computer. Keep the firewall enabled on every profile.
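
The three status checks above can be combined into one repeatable audit. The following is an added example, not part of the original tutorial: the function name Test-FirewallBaseline is hypothetical, and the baseline it checks is the one this page recommends (every profile enabled, inbound blocked by default, notifications on).

```powershell
# Added example (not from the original tutorial). Run in an elevated PowerShell session.
# Test-FirewallBaseline is a hypothetical helper name.
function Test-FirewallBaseline {
    [CmdletBinding()]
    param(
        # ActiveStore returns the effective settings, including any applied by Group Policy.
        [string]$PolicyStore = 'ActiveStore'
    )

    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore $PolicyStore) {
        $findings = @()

        if ("$($fwProfile.Enabled)" -ne 'True') {
            $findings += 'firewall is not enabled'
        }
        if ("$($fwProfile.DefaultInboundAction)" -eq 'Allow') {
            $findings += 'unsolicited inbound connections are allowed by default'
        }
        if ("$($fwProfile.NotifyOnListen)" -eq 'False') {
            $findings += 'blocked-application notifications are off'
        }

        [pscustomobject]@{
            Profile   = $fwProfile.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

$results = Test-FirewallBaseline
$results | Format-Table -AutoSize -Wrap

# List only the profiles that deviate from the baseline.
$results | Where-Object { -not $_.Compliant } | Format-List Profile, Findings
```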

Understanding Firewall Profiles

Windows Firewall uses three profiles, each with its own set of rules and default behaviors. Windows automatically selects the appropriate profile based on the type of network you are connected to.

  • Domain Profile: Active when your computer is connected to a corporate domain network (Active Directory). This profile is managed by Group Policy in enterprise environments. Home users will almost never see this profile active.
  • Private Profile: Active when you connect to a network you have designated as trusted, such as your home or office network. Network discovery and file sharing are typically allowed. You set a network as Private when you first connect to it.
  • Public Profile: Active when you connect to an untrusted network such as a coffee shop, airport, or hotel Wi-Fi. This is the most restrictive profile. Network discovery is disabled and your computer is hidden from other devices on the network.

Changing a Network's Profile

If Windows assigned the wrong profile to your network (for example, your home Wi-Fi is set to Public when it should be Private), you can change it:

1. Open Settings (Win + I) and go to Network & Internet.
2. Click on your active network connection (Wi-Fi or Ethernet).
3. Under Network profile type, select either Public or Private.

Via PowerShell:

# View current network profile assignments
Get-NetConnectionProfile | Format-Table Name, InterfaceAlias, NetworkCategory

# Change a network to Private
Set-NetConnectionProfile -InterfaceAlias "Wi-Fi" -NetworkCategory Private

# Change a network to Public
Set-NetConnectionProfile -InterfaceAlias "Wi-Fi" -NetworkCategory Public

Note: When in doubt, use Public.

If you are unsure which profile to use, keep the network set to Public. It provides the strongest protection. Only set a network to Private if you specifically need features like file sharing, printer sharing, or network discovery on that network.

Inbound vs. Outbound Traffic

Understanding the difference between inbound and outbound traffic is fundamental to firewall configuration. Every network connection has a direction, and the firewall treats each direction independently.

Inbound Traffic

Inbound connections are initiated by a remote device trying to reach your computer. Examples include someone trying to connect to a web server running on your machine, a remote desktop connection, or a file sharing request.

By default, Windows Firewall blocks all unsolicited inbound connections. This means no one can connect to your computer unless you have explicitly created an allow rule for that type of connection. This is the most important security feature of the firewall.

Outbound Traffic

Outbound connections are initiated by your computer reaching out to a remote server. Examples include browsing a website, checking email, downloading a file, or an application sending telemetry data.

By default, Windows Firewall allows all outbound connections. This means any application on your computer can connect to any server on the internet. While this is convenient, it means malware can communicate freely with command-and-control servers once it is on your system.

Warning: Consider restricting outbound connections for high-security needs.

Advanced users can change the default outbound behavior to Block, then create explicit allow rules for each application that needs internet access. This is powerful but time-consuming to maintain, as every application and Windows Update component needs an allow rule. Only do this if you understand the implications and are prepared to troubleshoot connectivity issues.

Viewing Current Firewall Rules

# View all enabled inbound rules
Get-NetFirewallRule -Direction Inbound -Enabled True | Format-Table DisplayName, Action, Profile

# View all enabled outbound rules
Get-NetFirewallRule -Direction Outbound -Enabled True | Format-Table DisplayName, Action, Profile

# Count rules by direction and action
Get-NetFirewallRule -Enabled True | Group-Object Direction, Action | Format-Table Count, Name

Enabling and Disabling the Firewall

There are rare situations where you may need to temporarily disable the firewall for troubleshooting. This section covers how to do it safely.

Disabling via Windows Security

1. Open Windows Security and click Firewall & network protection.
2. Click the active network profile (e.g., Private network (active)).
3. Toggle Microsoft Defender Firewall to Off. You will need to approve the User Account Control prompt.

Disabling via PowerShell

# Disable firewall for a specific profile
Set-NetFirewallProfile -Profile Private -Enabled False

# Disable firewall for all profiles (not recommended)
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

# Re-enable firewall for all profiles
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

Disabling via Command Prompt

:: Disable all profiles
netsh advfirewall set allprofiles state off

:: Re-enable all profiles
netsh advfirewall set allprofiles state on

:: Disable only the Public profile
netsh advfirewall set publicprofile state off

Warning: Never leave the firewall disabled.

If you disable the firewall for troubleshooting, set a reminder to re-enable it. An unprotected computer on any network can be compromised within minutes. If a specific application is not working, create a targeted firewall rule instead of disabling the entire firewall.
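
Rather than relying on a reminder, the disable and re-enable steps can be tied together so the profile always comes back on. This is an added example, not part of the original tutorial; the function name Invoke-WithFirewallProfileDisabled and its parameters are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original tutorial).
# Disables one profile only for the duration of a troubleshooting step.
function Invoke-WithFirewallProfileDisabled {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Domain', 'Private', 'Public')]
        [string]$ProfileName,

        # The troubleshooting step to run while the profile is off.
        [Parameter(Mandatory)]
        [scriptblock]$Test
    )

    $before = Get-NetFirewallProfile -Name $ProfileName
    if ("$($before.Enabled)" -ne 'True') {
        Write-Warning "$ProfileName profile was already disabled; it will be enabled when this finishes."
    }

    try {
        Set-NetFirewallProfile -Name $ProfileName -Enabled False
        Write-Host "$ProfileName profile disabled at $(Get-Date -Format T)"
        & $Test
    }
    finally {
        # Runs whether the test succeeds, throws, or is interrupted with Ctrl+C.
        Set-NetFirewallProfile -Name $ProfileName -Enabled True
        $after = Get-NetFirewallProfile -Name $ProfileName
        Write-Host "$ProfileName profile enabled: $($after.Enabled)"
    }
}

# Constructed usage: keep the Private profile off only while the failing
# connection is retried from the other device.
Invoke-WithFirewallProfileDisabled -ProfileName Private -Test {
    Read-Host 'Retry the connection from the other device, then press Enter'
}
```

If the connection still fails with the profile off, the firewall is not the cause and no rule change is needed.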

Notification Settings

When the firewall blocks an application from accepting inbound connections, it can display a notification asking whether you want to allow the connection. Understanding and configuring these notifications helps you make informed decisions about network access.

Configuring Notifications

1. Open Windows Security and go to Firewall & network protection.
2. Click Firewall notification settings at the bottom of the page (or go to Settings > Notifications > Manage notifications).
3. Under Firewall & network protection notifications, you can toggle notifications on or off for each profile independently. Keep notifications enabled so you are aware when applications are blocked.

What to Do When a Notification Appears

When you see a firewall notification asking to allow an application through, ask yourself these questions before clicking Allow:

  • Did I just launch this application? If you just started a game, server, or development tool, allowing it is probably correct.
  • Do I recognize the application? If the program name is unfamiliar, do not allow it. Research the executable name first.
  • Does this application need to accept connections? A web browser does not need inbound connections. A game server does. Think about whether the request makes sense.
  • Which networks should it be allowed on? The notification lets you choose Private and/or Public networks. Most applications only need Private network access.

Via PowerShell, you can control notification behavior per profile:

# Disable notifications for the Private profile
Set-NetFirewallProfile -Profile Private -NotifyOnListen False

# Enable notifications for all profiles
Set-NetFirewallProfile -Profile Domain,Public,Private -NotifyOnListen True

Note: Missed a notification?

If you accidentally dismissed a firewall notification or chose the wrong option, you can find and modify the rule in Windows Defender Firewall with Advanced Security (wf.msc). Look under Inbound Rules for the application name and adjust the rule as needed.
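
The same review can be done from PowerShell. The following added example (not part of the original tutorial) lists every enabled inbound allow rule that applies on Public networks, together with the program it covers, so rules granted by an over-broad answer to a notification stand out. The function name Get-PublicInboundAllowRule and the rule name 'Example App' are hypothetical.

```powershell
# Added example (not from the original tutorial). Run in an elevated PowerShell session.
# Get-PublicInboundAllowRule is a hypothetical helper name.
function Get-PublicInboundAllowRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        # Profile is a flags value such as "Any" or "Private, Public".
        Where-Object { "$($_.Profile)" -match 'Any|Public' } |
        ForEach-Object {
            $app  = $_ | Get-NetFirewallApplicationFilter
            $path = [Environment]::ExpandEnvironmentVariables("$($app.Program)")

            [pscustomobject]@{
                DisplayName   = $_.DisplayName
                Profile       = "$($_.Profile)"
                Program       = $path
                # Only meaningful for rules tied to an executable path.
                ProgramExists = if ($path -match '^[A-Za-z]:\\') {
                    Test-Path -LiteralPath $path
                } else { $null }
            }
        }
}

$review = Get-PublicInboundAllowRule | Sort-Object Program, DisplayName
$review | Format-Table -AutoSize -Wrap

# Rules whose executable no longer exists are leftovers and candidates for removal.
$review | Where-Object { $_.ProgramExists -eq $false } | Format-Table DisplayName, Program

# To restrict one rule to the Private profile ('Example App' is a constructed name):
# Set-NetFirewallRule -DisplayName 'Example App' -Profile Private
```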

Summary

In this tutorial, you learned the fundamentals of Windows Firewall:

  • What a firewall does and how it differs from antivirus protection
  • How to check firewall status using the GUI, PowerShell, and command prompt
  • The three firewall profiles (Domain, Private, Public) and when each is active
  • The difference between inbound and outbound traffic and their default behaviors
  • How to safely enable and disable the firewall when needed
  • How to configure and respond to firewall notifications
Great foundation!

You now understand how Windows Firewall works at a conceptual level. In the next tutorial, you will learn how to create custom inbound and outbound rules to precisely control which applications and ports are allowed through the firewall.