Why Configure Windows Firewall?
Windows Firewall with Advanced Security controls inbound and outbound network traffic on your Breeze. Proper configuration reduces the attack surface by blocking unauthorized connections while allowing legitimate services to operate.
Accessing Windows Firewall
Open Windows Defender Firewall with Advanced Security from Server Manager or run:
wf.mscUnderstanding Rule Types
- Inbound Rules — control traffic coming into the server
- Outbound Rules — control traffic leaving the server
- Connection Security Rules — configure IPsec authentication
Creating an Inbound Rule via GUI
In the Firewall console, click Inbound Rules > New Rule. Select the rule type (Port, Program, Predefined, or Custom). For example, to allow a web server on port 443, select Port, choose TCP, enter 443, and set the action to Allow.
Managing Rules via PowerShell
# Allow inbound HTTPS traffic
New-NetFirewallRule -DisplayName "Allow HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow
# Allow a custom application port
New-NetFirewallRule -DisplayName "My App Port" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow
# Block an IP address
New-NetFirewallRule -DisplayName "Block Bad IP" -Direction Inbound -RemoteAddress 203.0.113.50 -Action Block
# List all firewall rules
Get-NetFirewallRule | Format-Table DisplayName, Direction, Action, Enabled
# Remove a rule
Remove-NetFirewallRule -DisplayName "My App Port"Restricting RDP Access
Limit RDP connections to specific IP addresses for added security:
Set-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)" -RemoteAddress 198.51.100.10,198.51.100.20Firewall Best Practices
- Use the principle of least privilege — only open required ports
- Regularly audit firewall rules and remove unused entries
- Log blocked connections for security monitoring