Another tool that we'll use for managing our Windows 10 security is going to be the Windows Firewall. Now just like Windows Defender, we don't want this to be the only thing we're using. We do want to use a Windows Firewall, but we want other firewalls at other places on our network to provide overall network protection as well. So this is not a solution to every firewalling issue, but it is a good useful tool to have, and you don't, if at all possible, we don't want to turn it off because we want that protection in case something gets through our network-based firewall. So let's look at how we can manage it. So I'm here under settings and update and security and then Windows security, and here is my firewall and network protection. So I'm going to click on that, and I'm going to have a simple way to deal with a firewall and then we call Windows Firewall with advanced security for more detailed information. So here is our firewall and network protection. You see we have different domain pro- or different network profiles. The domain network, the private network, and the public network. And then this right here tells me that I'm currently on the private network profile. And currently the firewall is on. Now let me go ahead and click on that, and I've got a couple of options here. So I can turn off my firewall. Now I don't recommend doing this as a long-term solution, but if you need to turn off the firewall while you're troubleshooting an issue, that actually can be useful. Something's not working, I'm trying, I'm having a network connectivity issue, let me turn off my firewall, see if that fixes the problem. Now if that does, I don't want to leave my firewall off, but now I know there's a firewall setting that I'm going to need to adjust. So I'm going to try to find that firewall setting so that I can bring my firewall back up, but allow that particular application through the firewall. So this turns it off and then back on. 
And it's now paranoid because I turned its firewall off. I'm going to turn its firewall back on, that'll make it happy again. Okay now, so this is this on or off, all or nothing thing. The other all or nothing thing is this one right here. So a firewall will control data coming into your computer and data going out from your computer, and by default Windows Firewall is going to allow some things going out, block most things coming in unless they're specifically allowed. What this does is this blocks all incoming connections, and, again, this is going to be a temporary thing, this is not permanent, right? So I'm down at Starbucks, I'm probably going to be on a public network, not a private network. But I'm down at Starbucks, and for some reason I just think, you know what? I'm on the net- I'm on the network, I'm surfing the internet, or I'm working on a document, but I really don't want any access to my computer across this network. So I can come in here and say just block all incoming connections including those who would otherwise be allowed, and that's just gonna, you know, slam the door shut. So when we turn off Windows Defender, you know, get rid of all the locks on the doors, throw open the windows, knock down the walls, just let anybody come in. This is the exact opposite, go complete lockdown. Okay, those are our two all or nothing options and we can do that for any one of these three profiles. So I can set my public network, I want to block all incoming connections while still leaving incoming connections allowed on a private network that I trust a little bit better. All right, now those are all or nothing. Most of the time we don't want all or nothing. Most of the time we're going to want specific things and that's here, allow an app through the firewall. 
So let me bring this up, and this is going to show a bunch of apps that are already allowed through my firewall, and so you'll see the list of apps here, and a bunch of these are going to be Microsoft apps, but there are some of them that are not going to be Microsoft apps like I have Packet Tracer installed on my system, and so Packet Tracer created a rule for the firewall and it said hey, go ahead and allow this, and I didn't do that, right? When I installed the software, the software did that for me. So that actually makes this easier to work with, but if for some reason I decide that there's an app that I don't want access to after all, then I can come in here and I can change that. So we'll do that by going to change settings, and let's look at this one right here, Paint 3D. So Paint 3D is currently allowed for both the private and the public network. Now, if I want to change which networks it's allowed on, I can just click that and uncheck or check those boxes. If I want to turn it off entirely, I check the box over here, pretty straightforward. If I don't see the app in here that I want, so let's say I'm having a problem with a particular application connecting through my network. I've proven that because I turned off the firewall and it worked fine. Turned the firewall back on, it stopped working. Okay so that told me where the problem was, so now what I can do is I can come in and add another app. So I allow my other app, I browse to wherever it is, blah blah blah, I find my app. I'm already in Packet Tracer, I'll go to click that just for the fun of it. So I'm going to Packet Tracer and then I'm going to choose network types, public or private network. And then, I'll go ahead and cancel that because I don't need it, that will add that executable to this particular firewall rules to allow them out either public or private networks. So this is the easy way to manage it. This is not the detailed way. 
This does it based on application, not on specific port number. Now if we want it on a specific port number, and I want more detailed settings, that's where I go to my advanced settings, so I'm going to click my advanced settings. And here is my Windows Firewall with advanced security. Now, over here I've got different types of rules, inbound rules, outbound rules, connection security rules. Here's my little overview and specific actions I can take. So for each of these profiles the Windows Defender Firewall is on, inbound connections that do not match a rule are blocked, outbound connections that do not match a rule are allowed. Now obviously I can change these however I want as well by going to Windows Defender Firewall properties. And so then for- let me go to my public profile and from my public profile I can say firewall state is on, inbound connections blocked by default, outbound connections, I'm going to block outbound connections. Now obviously I don't want to actually do that, but if I did want to, you know, completely block any access to this in or out of this computer while I'm on that public network, that would be a way to do it. This is going to block my outbound connections, so nothing originating on my computer going out will work. And then on my inbound connections, I can block (default), block all connections, or allow all connections. Allow all connections, no security, block all connections, at this point I would go into complete isolation mode. Let me go and apply that because I'm not on this network anyway. And we'll see right here, Windows Defender Firewall is on and we are blocking everything. So if I ever switch my network profile to public, it's- my firewall goes into complete lockdown. So let me go to... get my right profile here again to reset that. Okay. So those are very, very similar to some of the things we were looking at when we were looking at the basic setup. View and create firewall rules, all right.
Let's take a look at our inbound and outbound rules. Inbound rules impact traffic coming in. Outbound rules impact traffic going out. Let's start with inbound rules. Here are all of my inbound rules. Let me go and maximize this, gives us a little more real estate here. So let's take a look at this Packet Tracer executable. What profile we're looking at, is it enabled, what action does it take, block or allow, what program does it entail, what's the local address, what's the remote address, and then as we scroll over what protocol, what port number, what remote port, local and remote port number, are there any authorized users or computers or- Well as you can tell, these can get fairly detailed. Maybe the best way to look at this is going to be to go and create a new rule. So I'm going to come over here and click New Rule. And I can do this based on a particular program, a particular port number, a predefined rule, or a custom rule. Let me start with a port number. Let's say I want to allow port 25 for SMTP connections in. Only be relevant if I'm running a mail server, I'm not, but we're not going to save the rule anyway. So let's click on- we're going to do a port rule and we're going to go next. Is this going to be a TCP or a UDP port? As you can tell right away, in order to do this, you need to know which port numbers you're working with, what protocols you're working with. So this for a mail server is going to be TCP port 25, so I'm going to specify port 25. I really don't want to specify all local ports. That's opening things up way too much. And notice that I can set up more than one port here, you see their examples separated by commas or a dash for a range. I'm going to do port 25, and then I have three options here. I can allow the connection, allow only if it's secure, so these are IPsec connections, or I can block the connection. Now, blocking connections is kind of weird. Normally you don't need to block connections. You just don't allow it.
If it's not allowed it's blocked, but sometimes you'll have another rule somewhere that's allowing something and this particular type of traffic is part of what's being allowed, but you really don't want this, in that case you might need to use a block rule, but your better option is to only create rules for the data that you want to allow and just let everything else be automatically blocked. So I'm going to allow this because I'm going to be running a local mail server, and then what profile do these apply to, domain, private, public, and I'm only going to run this when I'm on a domain network, and click next, and then I'm going to set the name and the description for the rule and click finish and that will create the rule for me. I'm going to go ahead and cancel that because I don't want to actually do that. Let's open up another rule here so that we can look at once we get it created this is going to be all the details for it. So this is a rule for Packet Tracer. So we got the name of it, the description, whether it's enabled or not, what it does, it allows the connection. We can look at the programs and services that are allowed to use this, and then any remote computers, are there only specific computers that we want, are we going to make exceptions? So by default, it's going to allow anything, but I can say you know what, only allow these specific computers or skip this rule for these specific computers. So I want Packet Tracer to work with everybody except and then I can specify my specific exceptions. You can also identify specific protocols and ports. So what if I don't want Packet Tracer to use all ports? Well I could specify specific ports it would be allowed to use. Obviously I'd have to modify the rule, but you see here where we can set it. We can set the scope so local IP addresses, remote IP addresses that we're going to be connecting to.
So I can say only allow Packet Tracer to connect to specific remote IP addresses rather than any of them, and then the profiles, the interface types, local principals, are there specific users that are allowed to do this or not or are there remote users that are allowed to use this rule or not? So you can see we can actually get very, very precise in our Windows Firewall rules, which is great because it gives us this screen with the Windows Firewall with advanced security which gives us very, very detailed rules. By the way outbound rules work basically the same way as inbound rules except that outbound rules filter traffic as it's leaving your computer, inbound rules filter traffic as it's coming into your computer. So these are probably- the inbound rules are probably going to be your little more important ones, but one of the nice things with Windows Defender Firewall is that it does give you the ability to be very, very detailed here if you're doing advanced security, but using your basic options, it still allows you to kind of customize your network protection, your firewall protection a little bit without being so overwhelming that somebody who's not comfortable with networking and firewalls is going to be overwhelmed and not do it.
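
The profile overview, the inbound TCP 25 port rule and the per-rule details shown in the walkthrough can also be handled from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the original transcript; the rule name, description and the 192.0.2.0/24 remote scope are constructed values.

```powershell
# Run in an elevated PowerShell session on Windows 10 (NetSecurity module).

# 1. Per-profile state and default actions (the overview pane in the walkthrough).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. The port rule from the walkthrough: inbound TCP 25, Domain profile only.
#    Name, description and RemoteAddress are constructed for this example.
$ruleName = 'Example - Inbound SMTP (TCP 25)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Description 'Constructed example: local mail server' `
        -Direction Inbound -Protocol TCP -LocalPort 25 `
        -Profile Domain -Action Allow `
        -RemoteAddress '192.0.2.0/24' | Out-Null
}

# 3. Audit every enabled inbound allow rule: program, port, scope and profile.
#    "Broad" marks rules reachable on the Public profile on any port from any
#    address, which is what installer-created rules often look like.
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    $onPublic = "$($rule.Profile)" -match 'Any|Public'
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = "$($rule.Profile)"
        Program       = $app.Program
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
        Broad         = $onPublic -and
                        ($port.LocalPort -contains 'Any') -and
                        ($addr.RemoteAddress -contains 'Any')
    }
}
$report | Sort-Object Broad -Descending | Format-Table -AutoSize

# 4. Remove the example rule again (the walkthrough cancels without saving).
Remove-NetFirewallRule -DisplayName $ruleName
```

Rules flagged as Broad are the ones to review first: restricting them to the Private or Domain profile, or narrowing the port and remote address scope, mirrors the per-rule properties described above.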