Windows Defender Firewall Configuration

Windows Defender Firewall, integrated into all modern Windows versions, provides host-based protection with minimal performance impact. The firewall applies one of three profiles (Domain, Private, or Public), switching between them automatically according to the network type Windows detects for each connected interface. Understanding how profiles are selected and configured ensures that each network environment gets an appropriate level of restriction.

Basic Windows Firewall configuration through the GUI provides straightforward rule management; open Windows Defender Firewall with Advanced Security (wf.msc) for comprehensive control. The same rules can be scripted with the NetSecurity PowerShell module. For example, create an inbound rule that restricts access to a specific service:

New-NetFirewallRule -DisplayName "Allow SQL Server" -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow -RemoteAddress 192.168.1.0/24

This PowerShell command creates a rule allowing inbound SQL Server access (TCP 1433) only from the specified subnet. Because no -Profile parameter is given, the rule applies to all three profiles; add -Profile Domain to limit it to domain-joined networks.

Advanced configurations build on Windows Firewall's IPsec integration. Connection security rules require IPsec for traffic between systems, letting you specify authentication methods, encryption algorithms, and data-integrity requirements. For example, to create a server-to-server IPsec policy authenticated with computer certificates:

# Build the certificate authentication proposal and phase 1 set first; "CN=Example Root CA" is a placeholder for your issuing CA
$proposal = New-NetIPsecAuthProposal -Machine -Cert -Authority "CN=Example Root CA" -AuthorityType Root
$authSet = New-NetIPsecPhase1AuthSet -DisplayName "Computer Certificate Auth" -Proposal $proposal
New-NetIPsecRule -DisplayName "Secure Server Communication" -InboundSecurity Require -OutboundSecurity Require -RemoteAddress 192.168.2.10 -Phase1AuthSet $authSet.Name

Group Policy provides centralized firewall management for domain environments: create firewall policies targeted at different computer groups so that settings stay consistent across the organization. Export and import firewall rules to standardize a baseline, for example: netsh advfirewall export "baseline-rules.wfw". Firewall logging is disabled by default and must be enabled per profile; once enabled, the log is written to %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log. Review blocked connections in that log regularly to spot security incidents and misconfigured rules.
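The following is an added example, not part of the original article, showing how to parse pfirewall.log entries and summarize the blocked inbound connections the paragraph above says to review. The log lines are constructed sample data in the W3C-style layout the firewall writes; the function and variable names are this example's own.

```powershell
# Constructed sample of pfirewall.log content (the real file is in
# %SystemRoot%\System32\LogFiles\Firewall\ once logging is enabled per profile).
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-01 09:00:01 DROP TCP 10.0.0.5 192.168.1.20 51234 445 52 S 1234567 0 8192 - - - RECEIVE
2024-05-01 09:00:02 DROP TCP 10.0.0.5 192.168.1.20 51235 3389 52 S 1234568 0 8192 - - - RECEIVE
2024-05-01 09:00:03 ALLOW TCP 192.168.1.30 192.168.1.20 49152 1433 52 S 2234567 0 8192 - - - RECEIVE
2024-05-01 09:00:04 DROP TCP 10.0.0.5 192.168.1.20 51236 1433 52 S 1234569 0 8192 - - - RECEIVE
2024-05-01 09:00:05 DROP UDP 10.0.0.9 192.168.1.20 5353 5353 78 - - - - - - - RECEIVE
'@ -split "`r?`n"

function ConvertFrom-FirewallLog {
    param([string[]]$Lines)
    # The "#Fields:" header names the columns; data rows are space-delimited.
    $fieldsLine = $Lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $headers = ($fieldsLine -replace '^#Fields:\s*', '') -split '\s+'
    $Lines | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Delimiter ' ' -Header $headers
}

function Get-BlockedConnectionSummary {
    param([object[]]$Entries, [int]$MinCount = 1)
    # Group inbound DROP events by source IP. One host being dropped on several
    # destination ports is worth investigating (misconfigured client or probing).
    $Entries | Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'RECEIVE' } |
        Group-Object 'src-ip' |
        Where-Object { $_.Count -ge $MinCount } |
        ForEach-Object {
            [pscustomobject]@{
                SourceIP  = $_.Name
                Drops     = $_.Count
                DstPorts  = ($_.Group.'dst-port' | Sort-Object -Unique) -join ','
                Protocols = ($_.Group.protocol | Sort-Object -Unique) -join ','
            }
        } | Sort-Object Drops -Descending
}

# To run against the live log, replace $sampleLog with:
#   Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$entries = ConvertFrom-FirewallLog -Lines $sampleLog
Get-BlockedConnectionSummary -Entries $entries -MinCount 2 | Format-Table -AutoSize
```

With the sample data, 10.0.0.5 is reported with three drops across ports 445, 1433 and 3389, while the single UDP drop from 10.0.0.9 falls below the -MinCount threshold.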