Events
Nov 19, 11 PM - Nov 21, 11 PM
Gain the competitive edge you need with powerful AI and Cloud solutions by attending Microsoft Ignite online.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Windows offers different tools to view the status and configure Windows Firewall. All tools interact with the same underlying services, but provide different levels of control over those services:
Note
To change the configuration of Windows Firewall on a device, you must have administative rights.
The Windows Security app can be used to view the Windows Firewall status and access advanced tools to configure it. Select START, type Windows Security
, and press ENTER. Once Windows Security is open, select the tab Firewall & network protection. Or use the following shortcut:
The Windows Defender Firewall Control Panel applet provides basic functionalities to configure Windows Firewall. Select START, type firewall.cpl
, and press ENTER.
The Windows Defender Firewall with Advanced Security (WFAS) is a Microsoft Management Console (MMC) snap-in that provides advanced configuration functionalities. It can be used locally and in group policy (GPO) implementations.
wf.msc
, and press ENTERThe Firewall CSP provides an interface to configure and query the status of Windows Firewall, which can be used with a mobile device management (MDM) solution like Microsoft Intune.
The NetSecurity
PowerShell module and Network Command Shell (netsh.exe)
are command line utilities that can be used to query the status and configure Windows Firewall.
The Windows Firewall policy settings are stored in the registry. By default, group policies are refreshed in the background every 90 minutes, with a random offset between 0 and 30 minutes.
Windows Firewall monitors the registry for changes, and if something is written to the registry it notifies the Windows Filtering Platform (WFP), which performs the following actions:
Note
The actions are triggered whenever something is written to, or deleted from the registry location the GPO settings are stored, regardless if there's really a configuration change. During the process, IPsec connections are disconnected.
Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. To control the behavior of the registry group policy processing, you can use the policy Computer Configuration > Administrative Templates > System > Group Policy > Configure registry policy processing. The Process even if the Group Policy objects haven't changed option updates and reapplies the policies even if the policies haven't changed. This option is disabled by default.
If you enable the option Process even if the Group Policy objects haven't changed, the WFP filters get reapplied at every background refresh. In case you have 10 group policies, the WFP filters get reapplied 10 times during the refresh interval. If an error happens during policy processing, the applied settings might be incomplete, resulting in issues like:
The temporary solution is to refresh the group policy settings, using the command gpupdate.exe /force
, which requires connectivity to a domain controller.
To avoid the issue, leave the policy Configure registry policy processing to the default value of Not Configured or, if already configured, configure it Disabled.
Important
The checkbox next to Process even if the Group Policy objects have not changed must be unchecked. If you leave it unchecked, WFP filters are written only in case there's a configuration change.
If there's a requirement to force registry deletion and rewrite, then disable background processing by checking the checkbox next to Do not apply during periodic background processing.
An important Windows Firewall feature you can use to mitigate damage during an active attack is the shields up mode. It's an informal term referring to an easy method a firewall administrator can use to temporarily increase security in the face of an active attack.
Shields up can be achieved by checking Block all incoming connections, including those in the list of allowed apps setting found in either the Windows Settings app or Control Panel.
By default, the Windows Firewall blocks everything unless there's an exception rule created. The shield up option overrides the exceptions. For example, the Remote Desktop feature automatically creates firewall rules when enabled. However, if there's an active exploit using multiple ports and services on a host, you can, instead of disabling individual rules, use the shields up mode to block all inbound connections, overriding previous exceptions, including the rules for Remote Desktop. The Remote Desktop rules remain intact but remote access can't work as long as shields up is active.
Once the emergency is over, uncheck the setting to restore regular network traffic.
From the following dropdown, select one of tools to learn how to configure Windows Firewall:
Events
Nov 19, 11 PM - Nov 21, 11 PM
Gain the competitive edge you need with powerful AI and Cloud solutions by attending Microsoft Ignite online.
Register now