Reading Time: 6minutesA firewall is a program installed on your computer or a piece of hardware that uses a rule set to block or allow access to a computer, server or network. It separates your internal network from the external network (the Internet).
Firewalls can permit traffic to be routed through a specific port to a program or destination while blocking other malicious traffic. A firewall can be a hardware, software, or a blending of both.
The firewall has two network connections. One is facing outward towards the WAN (wide area network or Internet), and the other one is facing inwards towards your private network or LAN (local area network).These firewall connections allow for specific traffic to travel from one side one the network to the other.
Stateful or Stateless?
There are two types of firewalls; Stateful or Stateless.
Stateful firewalls keep track of the state or type of connection that is made and can remember specific traits of that connection. For example, if you connect to a server via FTP, the connection details are noted and retained by the firewall and will allow that traffic to pass back and forth unchecked. Other traits may include details like the IP address or ports participating in the actual connection.
Stateless firewalls block or allow Internet traffic to a server based on a firewall ruleset or, the origin and destination web addresses requested by the server. Stateless firewalls do not inspect the packets of information sent to or from the server.
How Do I Access The Windows Server Firewall?
The windows firewall interface can be accessed multiple ways. The first way we will look at is via the windows search function.
Login to your server using your preferred remote desktop application.
Click the search icon and type in “firewall“. Then, click on the “Windows Firewall with Advanced Security” icon.
This will open the firewall management interface.
The second way to access the Windows firewall interface is via the Start menu.
Click on the Windows Start button in the lower left corner of the screen.
Click on the Windows Administrative Tools action box.
Then, click on the Windows Firewall with Advanced Security.
In this general overview, you can verify that the firewall is up and running and also show what each profiles current settings are.
What Are Profiles?
Profiles are simply a grouping of firewall rules dependent on where a server is connected.
Domain Profile: This profile is used when the server is connected to a domain controller, which in turn is controlling a windows domain. This profile should be the least restrictive of the other domain profiles because security is usually very well controlled.
Since a server can only be joined to one domain at a time, if it is not joined to the Domain Profile noted above, it will be joined to a Public or Private network. The following two profiles are where the server will then be joined.
Private Profile: This profile is used if the server is part of or within a private network not directly connected to the Internet. In these cases, the server will be behind a router or hardware firewall. (This profile should be less restrictive than the domain profile above because security is usually well controlled)
Public Profile: This profile is used when the server is connected directly to a public network like a restaurant, library or airport. (This profile should be the most restrictive because security is usually not well controlled or uncontrolled)
Once open, click on the Windows Firewall Properties link below the profile section.
This will open a dialog box denoting the three different profiles discussed earlier (as well as the IPsec Settings tab)
Under the Domain Profile tab, click on the Firewall state dropdown menu and select off.
Depending on your settings and need, you can also disable the Firewall of the other profiles(highlighted in red above).
Once you have disabled the firewall for the selected profile, click Apply, then OK.
To turn the Firewall back on, simply reverse the process. Select the Profile you wish to enable the firewall for, click on the dropdown and select On (recommended).
Once you have re-enabled the firewall for the selected profile, click Apply, then OK.
What the Windows Firewall Blocks And What It Does Not
There are several basic behaviors of the Windows Firewall.
Windows Firewall never blocks outgoing traffic.
Any requests sent out from the server will not be hindered in any way.
Windows Firewall blocks all incoming traffic except for traffic that is in responses to a request.This means that if you make a request to Google, Google’s inbound reply to your outbound request will not be blocked.
Windows Firewall blocks all other traffic.
This means that any traffic not explicitly allow is blocked in the firewall.
There are two kinds of exceptions included in the basic firewall behavior: Port Exceptions and Program Exception.
Port exceptions are linked to a port you open via a firewall rule or, a port you open that is limited by IP via a firewall rule.
Windows Firewall does not block inbound traffic that is routed through a port you have specifically opened.
If you have opened port 2302 (UDP) to play Halo: Combat Evolved, (because who doesn’t love a little Halo action) the firewall rule will allow the game’s info to be transmitted back and forth over the internet without interference.
Open a Port in the Firewall
In the Windows Firewall with Advanced Security window, right-click Inbound Rules, and then click New Rule in the action pane.
Rule Type dialog box, select Port and then click Next.
In the Protocol and Ports dialog box, select TCP. Then select Specific local ports, and then type the port number.
In the Action dialog box, select Allow the connection and then click Next.
In the Profile dialog box, select any profiles that apply and then click Next.
In the Name dialog box, type a name and description for this rule, and then click Finish.
At this point, you will be dropped back to the main firewall screen. You will now see a new rule in the Main Firewall rules in the center section,as well as a new listing in the right window panel.
Close a Port in the Firewall
To remove a specific rule, start at the basic firewall view.
Select Inbound Rules in the top left window panel.
Select the rule you would like to remove and either right-click the rule and click click delete or…
Select the rule from the right-hand window pane (in this case, FTP 21), and click on Delete.
A dialog box will pop up asking you to confirm the rule removal, click Yes.
A program exception is where a firewall rule is set up to ignore inbound and outbound traffic from a specific program. Windows Firewall will let you create firewall rules to allow traffic through a specific port from a limited range of IP addresses. Let’s say you want to upload a picture via FTP to your server from your home and your IP address range used is 10.0.0.1 – 10.0.0.5. You can link that newly opened port to accept only IP’s in the range of 10.0.0.1 – 10.0.0.5 so only those IP’s can reach the server via FTP.
Open a Port in the Firewall for a Program:
Click on the “Inbound Rules” option on the top left of the firewall interface. Then, click on the “New rule…”
Under “Rule Type”, select the option “Program” and then click “Next”.
Next, select the option “This Program path” and click “Next”.
In this field, you can begin typing the path/location of the program to allow. In this case, we selected Windows Mail and click “Next”.
Next, we select the option “Allow the connection” and then click “Next”.
Select the profile the rule will be applied to. (We have allowed all three for demonstration purposes. Your selection may vary.)
Select a name and description for this rule and then Click “Finish”.
At this point, you will be dropped back to the main firewall screen. You will now see a new rule in the Main Firewall rules in the center section, as well as a new listing in the right window pane
Close A Port in the Firewall for a Program
Removing a port for a specific program is a lot easier than opening it! To remove an existing rule for a program:
Go back into the firewall’s main interface
Click on “Inbound Rules” in the left window pane.
Select the rule you would like to remove (we are going to remove the FTP rule we added earlier). Rght-click on the rule which will open a context menu. Then click Delete.
Another dialog box will pop up asking you to confirm the rule removal, click yes.
In summary, the windows firewall passes all outgoing traffic and allows incoming responses to that outbound traffic, allows incoming port/program exceptions and rejects all other incoming traffic. Overall, the windows firewall is a robust, easily configurable security feature that will provide the needed levels of protection to keep your server safe.