Windows Firewall – CompTIA A+ 220-1102 – 2.5

Windows Defender Firewall provides control of both incoming and outgoing data flows. In this video, you’ll learn about the Defender Firewall interface, enable and disable firewall settings, and create custom exceptions for data flows.


Windows 10 of Windows 11 includes the Windows Defender Firewall, which is a built in software based firewall in the Windows operating system. This is a firewall that is turned on by default and the best practice is to always leave the firewall running. But there may be times when you nee d to enable or disable the firewall when you’re troubleshooting an application problem. You can easily disable the firewall from the control panel or using the firewall option within Windows Security.

Just remember to turn the firewall back on when you’re done with your troubleshooting. You can also turn on and off different parts of the firewall. So if you only want to try troubleshooting a local private network, you can simply disable the firewall for that network but leave any public network configurations turned on and active. This is my Windows 11 workstation but the process is very similar in Windows 10.

I’m going to click the magnifying glass and start typing security, and the app that comes up as the best match is Windows Security. On the left side, it does have an option for Firewall and Network Protection. And from here you can enable or disable the domain network, the private network, or the public network. You can see right now the public network is the active network. And if I click on that, I have the option to enable or disable that particular network.

When I click it, I get a user account control window that says, do you want to allow this app to make changes to your device, which should give you a warning that what you’re about to do has a major impact on the security of this Windows system. In this case, we would like to temporarily do this. So we’ll choose yes, and now you can see that the Windows Defender Firewall is turned off and it says that your device may be vulnerable.

Now I can perform the normal troubleshooting steps. I can determine where the problem actually might be. And then when I’m done, I can come back to the Firewall Options, choose the on option, and choose yes to continue turning the firewall back on. You can also use the older front end to firewall in the control panel. Let’s go back to our magnifying glass and choose Control Panel. That is the best match that comes in when I start typing that in.

If you scroll down, you’ll see the Windows Defender Firewall is at the bottom of the control panel, and it has a different user interface but the functionality is relatively similar. There’s the guest or public network that we’re currently connected to. And I can turn Windows Defender Firewall on or off using the links on the left hand side of the screen. You see both the private network and public network are listed.

And from here I can choose to turn on Windows Defender Firewall or turn off Windows Defender Firewall. And it tells you that this is not recommended. When I click OK, I can see that the firewall has been updated and it tells me that the Windows Firewall is turned off and I can choose More Options on my screen to turn the firewall back on. When we were turning off the firewall, you may have noticed an option inside of the control panel that says block all incoming connections, including those in the list of allowed apps.

This is the option to ensure that nothing can connect to your computer from the outside. So if you’re on an insecure network, you’re at a coffee shop, or you’re at a hotel, and you want to be sure that nothing has access to your device, you can simply go into these settings and choose to block all incoming connections. Since Windows Firewall is running in the Windows operating system, it knows all of the applications that are being used on your system, and it can enable or disable access to that application from inside the firewall.

We can also make customized changes to the firewall that would allow either a certain app or certain set of port numbers to be allowed or blocked from the firewall. We can also specify whether this is incoming traffic or outgoing traffic. You can also choose from a list of predefined exceptions which makes it very quick to allow or disallow network traffic for an application. Or you can build your own custom role with a number of different criteria.

Let’s create a rule in our firewall that we can visually see happening. We’re going to block all outgoing traffic from our web browser. We’ll start by clicking the Search. I’ll type in security to bring up the Windows Security app. And inside the app, I’ll choose the option for firewall and network protection. At the bottom is an option for advanced settings. And if I click that, I’ll get a Windows user account control window that tells me that I’m about to make some significant changes to the operating system, and do I want to continue to make changes to my device?

Yes I do. Behind there, you’ll see a window will pop up which is the Windows Defender Firewall with Advanced Security. Now let’s build a rule for outgoing traffic. You can see they are separated into inbound rules and outbound rules. In this case, we’d like to add a new outbound rule. If I right mouse click on that, I can choose the option for new rule. This will allow me to create a rule based on a program, a port number, a set of predefined configurations that are built into Windows firewall, or I can create a custom rule.

We could easily choose program and then choose the browser that we would like to use to be able to prevent outbound traffic. But what if we had different browsers that were in our operating system? We would have to create separate rules for each individual browser. Instead, let’s create an outbound rule based on a port number. This way it doesn’t matter what browser might be used on the operating system. We’re blocking the network traffic that is commonly used for all browsers.

Let’s click the Next option. It’ll bring up a link that says does this rule apply to TCP or UDP. Since we’re going to block HTTP or web traffic, that would be TCP. And then it says to specify the remote ports. In this case, I want to block port 80 and port 443. We’ll click Next. It asks me to either allow the connection, allow the connection if it’s secure, or block the connection. And in our case, we want to block the connection.

We’re also going to specify that this rule applies to the domain, the private network, and the public network. Then we’ll click Next. We now need to give it a name. We’ll call it Block Outgoing Web Browser. And I could also put a description into this as well. Before we click Finish, let’s try the current browser configuration and make sure that everything’s working normally.

I’m going to click the edge icon at the bottom, and you can see that Google loads from the internet normally. I’m going to close out the Edge browser. And we’re going to click the Finish button inside of our firewall. Now at the top we have a rule that says block outgoing web browser and it is currently active and enabled on our system. Let’s now start our web browser again. I’ll click the Edge option.

Although it seems that this Google screen that comes up means that the firewall rule is not working, what’s actually happened is it loaded this Google screen from cache. So let’s try a different website. Let’s instead go to ProfessorMesser.com. And when I try to do that the browser says your internet access is blocked. We have now created a rule inside of our firewall that’s going to block all port 80 and port 443 for any application we’re using on our system.