8 Best Practices for Windows 11 Firewall to Keep Your System Secure
Always keep the Firewall turned on
With increasing concerns for privacy and security, it has become essential to understand and implement the best settings on your device for safety. Though Windows 11 has a robust firewall, you need to optimize the settings to maximize the first line of defense. In this guide, we will discuss some of the best practices for the Windows 11 firewall. Read on!
What are the Windows 11 Firewall best practices?
1. Always keep the Windows Firewall enabled
- Press Windows + I to open the Settings app.
- Go to Privacy & security, then select Windows Security.
- On the Windows Security app, locate and click Firewall & network protection.
- You will see a Domain network, a Private network, and a Public network. Check if all three say the Firewall is on.
- If you see the Firewall is off message under any of them, click Turn on.
- Click Yes on the UAC prompt, then locate Microsoft Defender Firewall and toggle the switch on to enable it.
The most fundamental thing is to keep the Windows Firewall enabled at all times, as a disabled firewall risks exposing your device to various threat actors.
2. Block the unused ports
- Press the Windows key, type windows security in the search box, and click Open.
- Go to Firewall & network protection.
- Click the Advanced settings option to open the Windows Defender Firewall with Advanced Security window.
- Click Inbound Rules or Outbound Rules from the left pane, and click New Rule from the right.
- Select Port and click Next.
- Now, select TCP or UDP, enter the specific port number to block and click Next.
- Select Block the connection and click Next.
- Place a checkmark next to all the network profiles (Domain, Private, and Public), then click Next.
- Name the rule and click Finish.
Reduce the number of entry points for unauthorized access to maintain system security and minimize the attack surface.
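The same two practices (firewall on for every profile, block rule for an unused port) can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original guide; it covers inbound rules only, and the default port (TCP 23) and the rule naming scheme are illustrative assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of "keep the firewall on" and "block unused ports".
# The port and protocol defaults are illustrative values, not taken from the article.
param(
    [int[]]$Port = @(23),                                   # example only: Telnet
    [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP'
)

# 1. Turn on any profile that reports the firewall as off.
foreach ($fwProfile in Get-NetFirewallProfile -Profile Domain, Private, Public) {
    if ($fwProfile.Enabled -ne 'True') {
        Write-Warning "$($fwProfile.Name) profile was off; enabling it."
        Set-NetFirewallProfile -Name $fwProfile.Name -Enabled True
    }
}

# 2. Block each port inbound on all three profiles, creating each rule only once.
foreach ($p in $Port) {
    # A listener means the port is in use: review that service before blocking it.
    $listener = if ($Protocol -eq 'TCP') {
        Get-NetTCPConnection -State Listen -LocalPort $p -ErrorAction SilentlyContinue
    } else {
        Get-NetUDPEndpoint -LocalPort $p -ErrorAction SilentlyContinue
    }
    if ($listener) {
        $owners = ($listener.OwningProcess | Sort-Object -Unique) -join ', '
        Write-Warning "$Protocol/$p has a listener (PID $owners); review before blocking."
        continue
    }

    $name = "Block unused $Protocol $p (inbound)"            # hypothetical naming scheme
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Output "Rule '$name' already exists."
        continue
    }
    # An explicit block rule takes precedence over allow rules for the same traffic.
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $Protocol `
        -LocalPort $p -Action Block -Profile Domain, Private, Public | Out-Null
    Write-Output "Created rule '$name'."
}

# Review the rules this script manages.
Get-NetFirewallRule -DisplayName 'Block unused *' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```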
3. Enable security notifications
- Press the Windows key, type control panel in the search box, and click Open.
- Select Category for View by and click System and security.
- Click Security and Maintenance.
- Click Change Security and Maintenance settings.
- Under Turn messages on or off, make sure Network Firewall is selected, and click OK to save the changes.
Enabling the notifications will help you get alerts whenever the firewall blocks apps or connection attempts, allowing you to identify and respond to unauthorized access requests.
4. Create outbound or inbound rules
- Press the Windows key, type Windows security in the search box, and click Open.
- Go to Firewall & network protection.
- Click the Advanced settings option to open the Windows Defender Firewall with Advanced Security window.
- Click Inbound Rules or Outbound Rules from the left pane, and click New Rule from the right.
- Follow the on-screen instructions and create rules, such as allowing only trusted applications and services and restricting unwanted outbound connections, to reduce exposure to threats.
Creating inbound and outbound rules can help you manage network security, protect sensitive information, and ensure that only authorized apps communicate with the network.
5. Enable Log settings
- Press the Windows key, type windows security in the search box, and click Open.
- Go to Firewall & network protection.
- Click the Advanced settings option to open the Windows Defender Firewall with Advanced Security window.
- Select Windows Defender Firewall with Advanced Security on Local Computer, and click Properties from the right pane.
- Go to the Domain Profile tab, locate Logging, and click Customize.
- Look for the Size limit option and increase the log file size.
- Locate Log dropped packets and select Yes from the drop-down menu.
- Now go to the Public and Private profiles and do the same.
- Click OK, then OK to save the changes.
Enabling the logging of dropped packets and increasing the size of the log file will help you identify blocked connections when the Firewall is causing connection issues.
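Once dropped-packet logging is on, the log can be summarized to see which ports are being blocked and from where. The following is an added example, not part of the original guide: the two function names are hypothetical, the sample log lines are constructed, and the 16384 KB size in the comment is an example value.

```powershell
# Added example. Logging steps above as one elevated command (16384 KB is an example size):
#   Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True -LogMaxSizeKilobytes 16384

function Get-FirewallDrop {
    # Parses firewall log lines into objects, using the log's own "#Fields:" header for column names.
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($l -match '^\s*(#|$)' -or $fields.Count -eq 0) { continue }   # header, blank, or no schema yet
        $values = $l.Trim() -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt [Math]::Min($fields.Count, $values.Count); $i++) {
            $row[$fields[$i]] = $values[$i]
        }
        if ($row['action'] -eq 'DROP') { [pscustomobject]$row }
    }
}

function Get-DropSummary {
    # Groups dropped packets by protocol and destination port, most frequent first.
    param([string[]]$Line)
    Get-FirewallDrop -Line $Line |
        Group-Object { '{0}/{1}' -f $_.protocol, $_.'dst-port' } |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ Name = 'Sources'; Expression = { ($_.Group.'src-ip' | Sort-Object -Unique) -join ', ' } }
}

# Constructed sample in the pfirewall.log layout (documentation-range addresses).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 09:14:02 DROP TCP 203.0.113.7 192.0.2.10 50522 445 52 S 1234 0 64240 - - - RECEIVE
2024-05-01 09:14:05 DROP TCP 203.0.113.7 192.0.2.10 50523 445 52 S 1299 0 64240 - - - RECEIVE
2024-05-01 09:15:40 ALLOW UDP 192.0.2.10 198.51.100.53 53012 53 0 - - - - - - - SEND
2024-05-01 09:16:11 DROP UDP 198.51.100.23 192.0.2.10 137 137 78 - - - - - - - RECEIVE
'@ -split "`r?`n"

Get-DropSummary -Line $sample | Format-Table -AutoSize

# On a live system (elevated), read the path the profile is configured to log to:
#   $log = [Environment]::ExpandEnvironmentVariables((Get-NetFirewallProfile -Profile Public).LogFileName)
#   Get-DropSummary -Line (Get-Content $log)
```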
6. Customize network profiles
- Press the Windows key, type windows security in the search box, and click Open.
- Go to Firewall & network protection.
- You will see three network profiles: Domain, Private, and Public.
- Click Domain network, and under Incoming connections, select Blocks all incoming connections, including those in the list of allowed apps.
- Click Yes on the UAC prompt. Then, use the arrow on the left side to return to the previous page.
- Go to the private and public networks and make the same changes under these profiles.
Customizing network profiles in Windows 11 Firewall is essential for adapting security measures to different environments.
7. Set up connection rules
- Press Windows + R to open the Run window.
- Type wf.msc and click OK to open the Windows Defender Firewall with Advanced Security window.
- Click Connection Security Rules and select New Rule from the right pane.
- Choose Isolation, Server-to-Server, or Tunnel per your preferences and click Next.
- Now, follow the on-screen prompts to specify the connection type, authentication method, and the computer or network profile included.
- Once you have configured it, name the rule and click Finish.
Setting up connection security rules in the Windows 11 Firewall protects data and maintains a strong security posture. If Windows Defender Firewall prevents connections on your device, you can check this guide for solutions.
8. Use the monitoring tools
You can use monitoring tools to track network activity, monitor apps accessing the network, and analyze firewall events. To do that, open the Windows Defender Firewall with Advanced Security window, go to Monitoring, and use options like Firewall, Connection Security Rules, and Security Association.
Moreover, you can right-click Windows Defender Firewall, select Properties, click Logging, and enable logging for dropped packets and successful connections.
In addition to all these, keep reviewing, adding, and removing rules regularly according to your network environment.
If you're wondering how to check if your Firewall blocks a website, then you should check these settings; read this guide to learn more.
In case the Windows Firewall has blocked some features of an app, it could be due to malware; check out this guide to know more.
If you think there are more tips that you can follow, feel free to share them with our readers in the comments section below. We will add them to the list.