Windows Firewall from start to finish

What's a firewall?

A firewall is software or hardware that helps prevent hackers and some types of malware from getting to your PC through a network or the Internet. It does this by checking the info that’s coming from the Internet or a network and then either blocking it or allowing it to pass through to your PC.

A firewall isn't the same thing as an antivirus or anti-malware application. Firewalls help protect against worms and hackers, antivirus applications help protect against viruses and anti-malware applications help protect against malware. You need all three. You can use Windows Defender, the antivirus and anti-malware software that's included with Windows 8, or you can use another antivirus and anti-malware application.

You only need one firewall application on your PC (in addition to the firewall that's probably built into your network router). Having more than one firewall application on your PC can cause conflicts and problems.

Windows Firewall comes with Windows and is turned on by default.

Here’s a picture showing how a firewall works:

Illustration showing how a firewall creates a barrier between the Internet and your PC
A firewall creates a barrier between the Internet and your PC

We recommend that you use these default firewall settings:

  • The firewall is on for all network connections.

  • The firewall is blocking all inbound connections except those that you specifically allow.

  • The firewall is on for all network types (Private, Public or Domain).

    Note

    • PCs running Windows RT or Windows 8 can't join a domain. You can only join a domain if your PC is running Windows 8 Pro or Windows 8 Enterprise.

Turning Windows Firewall on or off

You shouldn’t turn off Windows Firewall unless you have another firewall turned on. Turning off Windows Firewall might make your PC (and your network, if you have one) more vulnerable to damage from worms or hackers.

  1. Open Windows Firewall by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering firewall in the search box, and then tapping or clicking Windows Firewall.

  2. Tap or click Turn Windows Firewall on or off . Administrator permission required You might be asked for an admin password or to confirm your choice.

  3. Do one of the following:

    • Tap or click Turn on Windows Firewall under each type of network that you want to help protect, then tap or click OK.

    • Tap or click Turn off Windows Firewall (not recommended) under each network type that you want to stop trying to protect, then tap or click OK.

    Note

    • If your PC is connected to a network, network policy settings might prevent you from completing these steps. For more information, contact your administrator.

Understanding Windows Firewall settings

You can customise four settings for each type of network (Public, Private or Domain). To find these settings, follow these steps:

  1. Open Windows Firewall by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering firewall in the search box, and then tapping or clicking Windows Firewall.

  2. Tap or click Turn Windows Firewall on or off . Administrator permission required You might be asked for an admin password or to confirm your choice.

Here's what the settings do and when you should use them:

  • Turn on Windows Firewall . This setting is selected by default. When Windows Firewall is on, most applications are blocked from receiving info through the firewall. If you want to allow an application to receive info, use the steps in the next section to add it to the list of allowed apps. For example, you might not be able to receive photos in an instant message until you add the instant messaging application to the list of allowed applications.

  • Block all incoming connections, including those in the list of allowed applications. This setting blocks all unsolicited attempts to connect to your PC. Use this setting when you need maximum protection for your PC, such as when you connect to a public network in a hotel or airport. When you block all incoming connections, you can still view most web pages, send and receive emails, and send and receive instant messages.

  • Notify me when Windows Firewall blocks a new application . If you tick this checkbox, Windows Firewall will inform you when it blocks a new application and give you the option of unblocking that application.

  • Turn off Windows Firewall (not recommended). Avoid using this setting unless you have another firewall application running on your PC.

Note

  • If some firewall settings are unavailable and your PC is connected to a domain, your system administrator might be controlling these settings through Group Policy.

Allow an application to receive info through the firewall

By default, most applications are blocked by Windows Firewall to help make your PC more secure. To work properly, some applications might require you to allow them to receive info through the firewall.

Before allowing an application to receive info through the firewall, make sure that you understand the risks involved. For more information, see What are the risks of allowing applications through a firewall?

  1. Open Windows Firewall by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering firewall in the search box, and then tapping or clicking Windows Firewall.

  2. Tap or click Allow an application or feature through Windows Firewall .

  3. Tap or click Change settings. Administrator permission required You might be asked for an admin password or to confirm your choice.

  4. Tick the checkbox next to the application you want to allow, select the network types you want to allow communication on, then click OK.

Open a port in Windows Firewall

If Windows Firewall is blocking an application and you want to allow that application to receive info through the firewall, you can usually do that by selecting the application in the list of allowed applications, as described in the previous section.

However, if the application isn't listed, you might need to open a port (a way for applications to receive info through the firewall). For example, to play a multiplayer game with friends online, you might need to open a port for the game so that the firewall allows the game info to reach your PC. A port stays open all the time, so be sure to close ports that you don't need open any more.

  1. Open Windows Firewall by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering firewall in the search box, and then tapping or clicking Windows Firewall.

  2. Tap or click Advanced settings. Administrator permission required You might be asked for an admin password or to confirm your choice.

  3. In the Windows Firewall with Advanced Security dialogue box, in the left pane, tap or click Inbound Rules, then, in the right pane, tap or click New Rule.

  4. Follow the instructions on your screen.

Need more help?