Configuring Windows Defender Firewall

Edit subtitles

0:01 - 0:03

Another tool that we'll use
0:03 - 0:06

for managing our Windows 10 security
0:06 - 0:09

is going to be the Windows Firewall. Now
0:09 - 0:10

just like Windows Defender, we don't want
0:10 - 0:12

this to be the only thing we're using.
0:12 - 0:15

We do want to use a Windows Firewall, but
0:15 - 0:18

we want other firewalls at other places
0:18 - 0:19

on our network to provide overall
0:19 - 0:21

network protection as well.
0:21 - 0:24

So this is not a
0:25 - 0:28

solution to every firewalling issue,
0:28 - 0:31

but it is a good useful tool to have,
0:31 - 0:34

and you don't, if at all possible, we
0:34 - 0:36

don't want to turn it off
0:36 - 0:38

because we want that protection in case
0:38 - 0:40

something gets through
0:40 - 0:42

our network-based firewall. So let's look
0:42 - 0:45

at how we can manage it. So I'm here
0:45 - 0:46

under settings
0:46 - 0:49

and update and security and then Windows
0:49 - 0:50

security,
0:50 - 0:52

and here is my firewall and network
0:52 - 0:53

protection.
0:53 - 0:55

So I'm going to click on that, and I'm
0:55 - 0:56

going to have
0:56 - 0:59

a simple way to deal with a firewall and
0:59 - 1:00

then we call Windows Firewall with
1:00 - 1:02

advanced security for more detailed
1:02 - 1:04

information.
1:04 - 1:06

So here is our firewall and network
1:06 - 1:07

protection. You see we have different
1:07 - 1:09

domain pro- or different network profiles.
1:09 - 1:11

The domain network, the private network,
1:11 - 1:13

and the public network.
1:13 - 1:14

And then this right here tells me that
1:14 - 1:16

I'm currently on the private network
1:16 - 1:18

profile.
1:18 - 1:20

And currently the firewall is on. Now let
1:20 - 1:22

me go ahead and click on that,
1:22 - 1:25

and I've got a couple of options here. So
1:25 - 1:28

I can turn off my firewall. Now I don't
1:28 - 1:30

recommend doing this as a long-term
1:30 - 1:31

solution,
1:31 - 1:33

but if you need to turn off the firewall
1:33 - 1:35

while you're troubleshooting an issue,
1:35 - 1:37

that actually can be useful.
1:37 - 1:39

Something's not working, I'm trying, I'm
1:39 - 1:41

having a network connectivity issue, let
1:41 - 1:42

me turn off my firewall,
1:42 - 1:44

see if that fixes the problem. Now if
1:44 - 1:46

that does, I don't want to leave my
1:46 - 1:47

firewall
1:47 - 1:49

off, but now I know there's a firewall
1:49 - 1:51

setting that I'm going to need to adjust.
1:51 - 1:54

So I'm going to try to find that
1:54 - 1:55

firewall setting so that I can
1:55 - 1:58

bring my firewall back up, but allow that
1:58 - 1:59

particular application through the
1:59 - 2:00

firewall.
2:00 - 2:03

So this turns it off
2:03 - 2:07

and then back on. And it's now paranoid
2:07 - 2:09

because I turned its firewall off.
2:09 - 2:11

I'm going to turn its firewall back on,
2:11 - 2:12

that'll make it happy again.
2:12 - 2:15

Okay now, so this is this
2:15 - 2:18

on or off, all or nothing thing. The other
2:18 - 2:20

all or nothing thing is this one right
2:20 - 2:21

here.
2:21 - 2:24

So a firewall will control data coming
2:24 - 2:26

into your computer and data going
2:26 - 2:28

out from your computer, and by default
2:28 - 2:30

Windows Firewall is going to allow
2:30 - 2:33

some things going out, block most things
2:33 - 2:35

coming in unless they're specifically
2:35 - 2:36

allowed.
2:36 - 2:39

What this does is this blocks all
2:39 - 2:40

incoming connections,
2:40 - 2:41

and, again, this is going to be a
2:41 - 2:43

temporary thing, this is not permanent,
2:43 - 2:44

right?
2:44 - 2:47

So I'm down at Starbucks,
2:47 - 2:49

I'm probably going to be on a public
2:49 - 2:51

network, not a private network. But I'm
2:51 - 2:53

down at Starbucks,
2:53 - 2:56

and for some reason I just think, you
2:56 - 2:58

know what? I'm on the
2:58 - 2:59

net- I'm on the network, I'm surfing
2:59 - 3:02

the internet, or I'm working on a
3:02 - 3:03

document,
3:03 - 3:06

but I really don't want
3:06 - 3:08

any access to my computer across this
3:08 - 3:09

network.
3:09 - 3:11

So I can come in here and say just block
3:11 - 3:13

all incoming connections
3:13 - 3:14

including those who would otherwise be
3:14 - 3:16

allowed, and that's just gonna, you know,
3:16 - 3:18

slam the door shut.
3:18 - 3:22

So when we turn off Windows Defender, you
3:22 - 3:23

know,
3:23 - 3:24

get rid of all the locks on the doors,
3:24 - 3:26

throw open the windows, knock down the
3:26 - 3:28

walls, just let anybody come in.
3:28 - 3:30

This is the exact opposite, go complete
3:30 - 3:32

lockdown.
3:32 - 3:34

Okay, those are our two all or nothing
3:34 - 3:36

options and we can do that for
3:36 - 3:38

any one of these three profiles. So I can
3:38 - 3:40

set my public network, I want to block
3:40 - 3:43

all incoming connections while still
3:43 - 3:45

leaving incoming connections allowed on
3:45 - 3:46

a private network that I trust
3:46 - 3:49

a little bit better. All right, now
3:49 - 3:51

those are all or nothing. Most of the
3:51 - 3:54

time we don't want all or nothing.
3:54 - 3:55

Most of the time we're going to want
3:55 - 3:57

specific things and that's
3:57 - 4:00

here, allow an app through the firewall.
4:00 - 4:02

So let me bring this up, and this is
4:02 - 4:03

going to show
4:03 - 4:06

a bunch of apps that are already allowed
4:06 - 4:08

through my firewall,
4:08 - 4:10

and so you'll see the list of apps here,
4:10 - 4:11

and a bunch of these are going to be
4:11 - 4:12

Microsoft
4:12 - 4:14

apps, but there are some of them that are
4:14 - 4:16

not going to be Microsoft apps
4:16 - 4:18

like I have Packet Tracer installed on
4:18 - 4:19

my system,
4:19 - 4:22

and so Packet Tracer created a rule for
4:22 - 4:23

the firewall
4:23 - 4:25

and it said hey, go ahead and allow this,
4:25 - 4:28

and I didn't do that, right? When I
4:28 - 4:29

installed the software, the software did
4:29 - 4:30

that
4:30 - 4:32

for me. So that actually makes this
4:32 - 4:34

easier to work with, but if for some
4:34 - 4:35

reason
4:35 - 4:37

I decide that there's an app that I
4:37 - 4:38

don't want access to
4:38 - 4:41

after all, then I can come in here and I
4:41 - 4:42

can change that.
4:42 - 4:44

So we'll do that by going to change
4:44 - 4:46

settings, and let's look at this one
4:46 - 4:47

right here,
4:47 - 4:49

Paint 3D. So Paint 3D is currently
4:49 - 4:51

allowed for both the private and the
4:51 - 4:52

public network.
4:52 - 4:54

Now, if I want to change which networks
4:54 - 4:56

it's allowed on, I can just
4:56 - 4:59

click that and uncheck or check those
4:59 - 5:01

boxes. If I want to turn it off entirely,
5:01 - 5:04

I check the box over here, pretty
5:04 - 5:05

straightforward.
5:05 - 5:08

If I don't see the app in here that I
5:08 - 5:09

want, so let's say I'm having a problem
5:09 - 5:12

with a particular application connecting
5:12 - 5:13

through my network.
5:13 - 5:15

I've proven that because I turned off
5:15 - 5:16

the firewall and it worked fine. Turned
5:16 - 5:18

the firewall back on, it stopped working.
5:18 - 5:20

Okay so that told me where the problem
5:20 - 5:22

was, so now what I can do
5:22 - 5:26

is I can come in and add another app.
5:26 - 5:28

So I allow my other app, I browse to
5:28 - 5:30

wherever it is, blah blah blah, I find my
5:30 - 5:32

app. I'm already in Packet Tracer, I'll go to
5:32 - 5:34

click that just for the fun of it.
5:34 - 5:35

So I'm going to Packet Tracer and then
5:35 - 5:37

I'm going to choose network types, public
5:37 - 5:39

or private network.
5:39 - 5:41

And then, I'll go ahead and cancel that because I
5:41 - 5:43

don't need it,
5:43 - 5:47

that will add that executable to
5:47 - 5:49

this particular firewall rules to allow
5:49 - 5:50

them
5:50 - 5:53

out either public or private networks.
5:53 - 5:56

So this is the easy way to manage it.
5:56 - 5:59

This is not the detailed way.
5:59 - 6:01

This does it based on application,
6:01 - 6:04

not on specific port number. Now if we
6:04 - 6:06

want it on a specific port number,
6:06 - 6:08

and I want more detailed settings, that's
6:08 - 6:10

where I go to
6:10 - 6:12

my advanced settings, so I'm going to
6:12 - 6:15

click my advanced settings.
6:15 - 6:19

And here is my Windows Firewall with
6:19 - 6:22

advanced security.
6:22 - 6:23

Now, over here I've got different types
6:23 - 6:25

of rules, inbound rules,
6:25 - 6:27

outbound rules, connection security rules.
6:27 - 6:29

Here's my little overview
6:29 - 6:33

and specific actions I can take. So for
6:33 - 6:35

each of these profiles
6:35 - 6:37

the Windows Defender Firewall is on,
6:37 - 6:38

inbound connections
6:38 - 6:40

do not match rule are blocked, outbound
6:40 - 6:41

connections that do not match rule are
6:41 - 6:42

allowed.
6:42 - 6:44

Now obviously I can change these however
6:44 - 6:46

I want as well by going to Windows
6:46 - 6:48

Defender Firewall properties.
6:48 - 6:50

And so then for- let me go to my public
6:50 - 6:53

profile and from my public profile I can
6:53 - 6:54

say
6:54 - 6:56

firewall state is on, inbound connections
6:56 - 6:57

blocked by default,
6:57 - 6:59

outbound connections, I'm going to block
6:59 - 7:01

outbound connections.
7:01 - 7:03

Now obviously I don't want to actually
7:03 - 7:05

do that, but
7:05 - 7:07

if I did want to, you know, completely
7:07 - 7:09

block any access
7:09 - 7:13

to this in or out of this computer
7:13 - 7:14

while I'm on that public network, that
7:14 - 7:15

would be a way to do it. This is going to
7:15 - 7:17

block my outbound connections,
7:17 - 7:19

so nothing originating on my computer
7:19 - 7:21

going out will work.
7:21 - 7:23

And then on my inbound connections, I can
7:23 - 7:24

block default,
7:24 - 7:26

block all connections, or allow all
7:26 - 7:27

connections.
7:27 - 7:30

Allow all connections, no security, block
7:30 - 7:31

all connections,
7:31 - 7:33

at this point I would go into complete
7:33 - 7:34

isolation mode.
7:34 - 7:36

Let me go and apply that because I'm not
7:36 - 7:38

on this network anyway.
7:38 - 7:40

And we'll see right here, Windows
7:40 - 7:42

Defender Firewall is on and we are
7:42 - 7:43

blocking
7:43 - 7:45

everything. So if I ever switch my
7:45 - 7:48

network profile to public,
7:48 - 7:50

it's- my firewall goes into complete
7:50 - 7:52

lockdown.
7:52 - 7:55

So let me go to
7:55 - 7:56

Do-do-do-do-do
7:57 - 7:59

Get my right profile here again to reset
7:59 - 8:01

that.
8:03 - 8:08

Okay. So those are very, very similar to
8:08 - 8:09

some of the things we were looking at
8:09 - 8:11

when we were looking at the basic setup.
8:11 - 8:13

View and create firewall rules, all right.
8:13 - 8:15

Let's take a look at our inbound and
8:15 - 8:17

outbound rules. Inbound rules impact
8:17 - 8:18

traffic coming
8:18 - 8:20

in. Outbound rules impact traffic going
8:20 - 8:22

out. Let's start with inbound rules.
8:22 - 8:25

Here are all of my inbound rules. Let me
8:25 - 8:26

go and maximize this, gives us a little
8:26 - 8:28

more real estate here.
8:28 - 8:30

So let's take a look at this Packet
8:30 - 8:32

Tracer executable.
8:32 - 8:34

What profile we're looking at, is it
8:34 - 8:35

enabled,
8:35 - 8:38

what action does it take, block or allow,
8:38 - 8:40

what program does it entail,
8:40 - 8:42

what's the local address, what's the
8:42 - 8:44

remote address,
8:44 - 8:46

and then as we scroll over what protocol,
8:46 - 8:48

what port number, what remote
8:48 - 8:50

port, local and remote port number, are
8:50 - 8:52

there any authorized users or computers
8:52 - 8:52

or-
8:52 - 8:54

Well as you can tell, these can get fairly
8:54 - 8:56

detailed. Maybe the best way to look at
8:56 - 8:56

this
8:56 - 8:58

is going to be to go and create a new
8:58 - 9:00

rule. So I'm going to come over here and
9:00 - 9:00

click new
9:00 - 9:04

new rule. And I can do this based on a
9:04 - 9:06

particular program, a particular port
9:06 - 9:08

number, a predefined rule, or a custom
9:08 - 9:08

rule.
9:08 - 9:11

Let me start with a port number. Let's
9:11 - 9:12

say I want to allow
9:12 - 9:16

port 25 for SMTP connections
9:16 - 9:18

in. Only be relevant if I'm running a
9:18 - 9:19

mail server, I'm not, but
9:19 - 9:20

we're not going to save the rule anyway.
9:21 - 9:23

So let's click on- we're going to do a
9:23 - 9:25

port rule and we're going to go next.
9:25 - 9:29

Is this going to be a TCP or a UDP port. As
9:29 - 9:29

you can tell
9:29 - 9:31

right away, in order to do this, you need
9:31 - 9:32

to know which port numbers you're
9:32 - 9:34

working with, what protocols you're
9:34 - 9:35

working with.
9:35 - 9:38

So this for a mail server is going to be
9:38 - 9:40

TCP port 25,
9:40 - 9:42

so I'm going to specify port 25. I really
9:42 - 9:44

don't want to specify all local ports.
9:44 - 9:46

That's opening things up way too much.
9:46 - 9:48

And notice that I can set up more than one
9:48 - 9:50

port here, you see their examples
9:50 - 9:52

separated by commas or a dash for a
9:52 - 9:53

range.
9:53 - 9:56

I'm going to do port 25, and then
9:56 - 9:58

I have three options here. I can allow
9:58 - 9:59

the connection, allow
9:59 - 10:03

only if it's secure, so these are IPsec
10:03 - 10:04

connections,
10:04 - 10:07

or I can block the connection. Now,
10:07 - 10:10

blocking connections is kind of weird.
10:10 - 10:12

Normally you don't need to block
10:12 - 10:13

connections.
10:13 - 10:15

You just don't allow it. If it's not
10:15 - 10:17

allowed it's blocked,
10:17 - 10:19

but sometimes you'll have another rule
10:19 - 10:22

somewhere that's allowing something
10:22 - 10:24

and this particular type of traffic is
10:24 - 10:26

part of what's being allowed,
10:26 - 10:28

but you really don't want this, in that
10:28 - 10:29

case you might need to use
10:29 - 10:32

a block rule, but your better option is
10:32 - 10:32

to
10:32 - 10:35

only create rules for the data that you
10:35 - 10:36

want to allow
10:36 - 10:37

and just let everything else be
10:37 - 10:39

automatically blocked.
10:39 - 10:40

So I'm going to allow this because I'm
10:40 - 10:42

going to be running a local mail server,
10:42 - 10:45

and then what profile do these apply to
10:45 - 10:47

domain, private, public,
10:47 - 10:50

and I'm only going to run this when I'm
10:50 - 10:52

on a domain network,
10:52 - 10:54

and click next, and then I'm going to set
10:54 - 10:56

the name and the description for the rule
10:56 - 10:57

and click finish and that will
10:57 - 10:59

create the rule for me. I'm going to go ahead and
10:59 - 11:00

cancel that because I don't want to
11:00 - 11:02

actually do that.
11:02 - 11:03

Let's open up another rule here so that
11:03 - 11:06

we can look at once we get it created
11:06 - 11:08

this is going to be all the details for
11:08 - 11:10

it. So this is a
11:10 - 11:12

rule 4 Packet Tracer. So we got the name
11:12 - 11:14

of it, the description, whether it's
11:14 - 11:14

enabled
11:14 - 11:16

or not, what it does, it allows the
11:16 - 11:17

connection.
11:17 - 11:19

We can look at the programs and services
11:19 - 11:21

that are allowed to use this,
11:21 - 11:24

and then any remote computers, are there
11:24 - 11:26

only specific computers that we want,
11:26 - 11:29

are we going to make exceptions? So by
11:29 - 11:31

default, it's going to allow anything,
11:31 - 11:34

but I can say you know what, only allow
11:34 - 11:36

these specific computers
11:36 - 11:38

or skip this rule for these specific
11:38 - 11:39

computers.
11:39 - 11:41

So I want packages to work with
11:41 - 11:42

everybody except
11:42 - 11:44

and then I can specify my specific
11:44 - 11:46

exceptions. You can also identify
11:46 - 11:47

specific
11:47 - 11:50

protocols and ports. So what if I
11:50 - 11:52

don't want Packet Tracer to use
11:52 - 11:55

all ports? Well I could specify specific
11:55 - 11:57

ports it would be allowed to use.
11:57 - 11:59

Obviously I'd have to modify the rule,
11:59 - 12:00

but
12:00 - 12:03

you see here where we can set it.
12:03 - 12:05

We can set the scope so local IP
12:05 - 12:07

addresses, remote IP addresses that we're
12:07 - 12:09

going to be connecting to.
12:09 - 12:11

So I can say only allow Packet Tracer to
12:11 - 12:13

connect to specific remote IP
12:13 - 12:16

addresses rather than any of them, and
12:16 - 12:16

then
12:16 - 12:20

the profiles, the interface types,
12:20 - 12:22

local principles, are there specific users
12:22 - 12:23

that are allowed to do this
12:23 - 12:25

or not or are there remote users that
12:25 - 12:27

are allowed to use this rule or not?
12:27 - 12:29

So you can see we can actually get very,
12:29 - 12:30

very precise
12:30 - 12:34

in our Windows Firewall rules,
12:34 - 12:37

which is great because it gives us
12:37 - 12:39

this screen with the Windows Firewall
12:39 - 12:41

with advanced security which gives us
12:41 - 12:43

very, very detailed rules. By the way
12:43 - 12:44

outbound rules work basically the same
12:44 - 12:46

way as inbound rules
12:46 - 12:48

except that outbound rules filter
12:48 - 12:49

traffic as it's leaving your
12:49 - 12:50

computer,
12:50 - 12:52

inbound rules filter traffic as it's coming
12:52 - 12:54

into your computer.
12:54 - 12:57

So these are probably- the inbound rules
12:57 - 12:58

are probably going to be your little
12:58 - 12:58

more
12:58 - 13:01

important ones, but one of the nice
13:01 - 13:03

things with Windows Defender Firewall
13:03 - 13:06

is that it does give you the ability to
13:06 - 13:07

be
13:07 - 13:09

very, very detailed here if you're doing
13:09 - 13:10

advanced security,
13:10 - 13:14

but using your basic options,
13:14 - 13:17

it still allows you to kind of customize
13:17 - 13:18

your network protection,
13:18 - 13:21

your firewall protection a little bit
13:21 - 13:23

without being so overwhelming that
13:23 - 13:25

somebody who's not comfortable with
13:25 - 13:28

networking and firewalls is going to be
13:28 - 13:29

overwhelmed
13:29 - 13:33

and not do it.

Title:: Configuring Windows Defender Firewall
Description:: more » « less
Video Language:: English
Duration:: 13:31

	OEVIDEOS edited English subtitles for Configuring Windows Defender Firewall
	OEVIDEOS edited English subtitles for Configuring Windows Defender Firewall

English subtitles

Revisions Compare revisions

Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	2	OEVIDEOS
	1	OEVIDEOS

Configuring Windows Defender Firewall

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)