Windows Firewall plays an important part in protecting your system from network-based threats. As such, it’s considered good practice to have it enabled. But as a consequence, you may encounter network issues in certain programs.
This occurs because the firewall likely has rules in place that block connections to ports used by the program to communicate. As stated, disabling the firewall entirely is not recommended.
What you can instead do is open only the necessary ports. We’ve detailed multiple ways to do this in the sections below.
Ways to Configure Ports on Windows Firewall
The first method will be the most intuitive for most users, but if you’d prefer CLI methods, we’ve also listed how to open or close ports via Command Prompt and PowerShell.
Via Windows Firewall GUI Interface
You must be a member of the Administrators group to open ports via the Windows Defender Firewall with Advanced Security console. With that said, here are the necessary steps:
- Press Win + R, type wf.msc, and press Enter.
- From the left pane, select Inbound Rules or Outbound Rules, depending on which you want to configure.
- Click on New Rule from the Actions window.
- In the Rule Type screen, select Port and press Next.
- Select TCP or UDP, depending on which is applicable to the program you’re trying to open the port for.
- Click on Allow the connection and press Next.
- Select the network profiles this rule should apply to and press Next.
- Name the rule, add a description if you want, and press Finish.
- Restart the computer afterward.
If you’re trying to close certain ports instead, there are a few ways to go about it. You can follow the same steps as above until Step 6, where you can choose to block the connection.
Alternatively, you can also select the rule and disable or delete it from the App Installer section.
You can use netsh firewall or netsh advfirewall to control Windows Firewall behavior. As netsh firewall is deprecated and could be removed in the future, we’ve used netsh advfirewall for the examples listed below.
For instance, to add a rule to open TCP port 80, use:
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
You can modify the options as follows:
dir: change in to out to specify outbound.
action: change allow to block to block the connection instead.
protocol: change TCP to UDP to select UDP instead.
localport: specify the port number.
Finally, you can also change add rule to delete rule to remove the specified rule as such:
netsh advfirewall firewall delete rule name="rule name" protocol=udp localport=<portno>
In PowerShell, you can use the New-NetFirewallRule cmdlet to create a new inbound or outbound firewall rule. The example below creates a new inbound rule that allows connections to TCP Port 80:
New-NetFirewallRule -DisplayName "Allow Inbound Port 80" -Direction Inbound -LocalPort 80 -Protocol TCP -Action Allow
You can modify the options as such:
Direction: Inbound or Outbound
LocalPort: Specify the port number
Protocol: TCP or UDP
Action: Allow or Block
You can also use the Set-NetFirewallRule command to modify existing rules. For instance, we open port 1604 for inbound traffic in the following example, even though it was previously closed:
Set-NetFirewallRule -DisplayName "Allow1604" -LocalPort 1604 -Action Allow
Finally, if you want, you can also delete the rule entirely using its localized name as such:
Remove-NetFirewallRule -DisplayName "Block1604"
Configuring Ports On Router
If allowing a port through the firewall didn’t work, there are a few things worth checking.
- First, there could be a different rule set to block the port. Sort the rules by Action or LocalPort and ensure there isn’t another rule overriding the one you just made.
- Second, make sure the network profile you’re currently using and the profile you set the rules for are the same. If you’re using the Private profile, but you set the rules for Public, that wouldn’t work.
- Aside from this, for incoming connections, you must enable the necessary ports from the router as well, in addition to the local firewall.
Most modern routers support port forwarding, and the process is similar as well. The gist is to access the router settings page, navigate to the Administration or Advanced section and configure Port Forwarding.
There, you can add a new service and specify its configurations, including the port number or range. We also have an in-depth article with full steps to open ports on a router if you require it.
Finally, if you want to check the open ports, you can use the netstat -na command to display all connections in numerical form. Look for the port you’re trying to check under Local Address. If the state is LISTENING, that means the port is open.
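The overriding-rule check, the profile check, and the listening check described above can be combined into one script. The PowerShell below is an added example, not part of the original article; the default of TCP port 80 is a sample value and the helper name Test-PortMatch is hypothetical.

```powershell
# Added example (not from the original article). Save as a .ps1 and run from an elevated prompt.
# $Port and $Protocol are sample defaults; set them to the port you opened.
param([int]$Port = 80, [ValidateSet('TCP','UDP')][string]$Protocol = 'TCP')

# True when a rule's LocalPort spec (Any, a number, or a range like 5000-5010) covers $Port.
function Test-PortMatch([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

# Firewall profiles in use right now, mapped to the names firewall rules use.
$active = @(Get-NetConnectionProfile | ForEach-Object {
    if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' } else { "$($_.NetworkCategory)" }
} | Select-Object -Unique)

# Every enabled inbound rule whose protocol and local port cover the target port.
# ActiveStore is the effective policy, so rules delivered by Group Policy are included.
$matching = foreach ($rule in (Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Direction Inbound)) {
    $filter = $rule | Get-NetFirewallPortFilter
    if ($filter.Protocol -notin @($Protocol, 'Any')) { continue }
    if (-not (Test-PortMatch $filter.LocalPort $Port)) { continue }
    $profiles = "$($rule.Profile)"
    [pscustomobject]@{
        DisplayName = $rule.DisplayName
        Action      = "$($rule.Action)"
        Profiles    = $profiles
        LocalPort   = $filter.LocalPort -join ','
        # A rule only takes effect if it covers a profile that is currently active.
        AppliesNow  = ($profiles -eq 'Any') -or [bool]($active | Where-Object { $profiles -match $_ })
    }
}

# Block rules win over Allow rules, so list them first.
$matching | Sort-Object Action -Descending | Format-Table -AutoSize

# Is anything actually listening? (Same information as netstat -na, filtered to the port.)
$listening = if ($Protocol -eq 'TCP') {
    Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
} else {
    Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
}
"Active profile(s): $($active -join ', ')"
"Listener on $Protocol/$Port present: $([bool]$listening)"
```

A Block row with AppliesNow set to True explains why an Allow rule for the same port has no effect, and an Allow row with AppliesNow set to False points to a profile mismatch.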