This is a guest post by Aseem Kishore, the lead blogger for HelpDeskGeek.com, which focuses on providing Help Desk tips to IT Professionals. Want to write a guest post for us? Drop us a line using the contact us form.
Windows Firewall blocks incoming network connections to your computer to help protect it from malicious programs trying to connect to your computer and steal your data. Note that it does not block outbound connections, so if spyware or malware does ever get installed on your computer, it can send out data without any restriction.
Overall, having the firewall turned on is good, but there are many occasions when Windows Firewall blocks incoming connections for legitimate programs. Most of the time, you’ll get a dialog box asking you whether or not to unblock a program, but sometimes you have to add an exception to the Firewall list manually.
In Windows Firewall, you can either unblock programs or unblock specific ports. When you unblock a program, any ports that the program uses are also unblocked just for that program. Most of the time you only need to unblock a program and not worry about the ports.
The only time you have to worry about opening ports is when you are doing something like running Remote Desktop with a non-standard port number like 3390 instead of 3389. In that case, you have to manually add an exception for port 3390.
Add Exceptions to Windows Firewall?
First open the Control Panel and click on Windows Firewall. Then click on the Exceptions tab. You should see a list of programs and services, some with check marks and some without.
Anything with a check mark means it’s not blocked by the firewall. You’ll also notice the option at the bottom Display a notification when Windows Firewall blocks a program. If you find that the unblock message is not longer appearing when you run it for the first time, make sure this box is checked, otherwise it will be blocked without any notification.
To add a program to the unblock list, click on Add Program and either select a program from the list or click Browse and locate the application manually.
Click OK and the program will be added into the main list of unblocked program and services. You can also click the Change scope button and specify which computers you would like the program unblocked for.
Click on Add Port to add a specific port to the firewall exception list.
Give the port that you want to unblock a name, i.e. FTP for port 21, HTTP for port 80, RDP for 3389, etc. The name can be anything you want. Type in the port number and choose whether you want to unblock the TCP or UDP port.
Remember that adding a port exception is more insecure than adding a program exception. Only add port exceptions if absolutely necessary because that port is now open to ALL programs.
Also be sure to name your open ports properly so that you know exactly what each entry refers to. It’s best to put the port number in the Name filed also, such as FTP 21, etc.
You can also add exceptions in Windows Firewall for an entire connection. So let’s say you want to keep your Wireless connection protected by using the firewall since you mostly use the wireless at your home, but don’t really care about keeping the firewall on while at the office because it’s through a secure LAN connection. Well click on the Advanced tab and simply un-check which connections you do not want to protect with the firewall.
If you want to run your computer as a web server, FTP server, POP3 server, telnet server, or some other kind of server, you can click on the connection and then on the Settings button and add an exception for a particular service.
That’s about all the exceptions you can possibly add to the Windows Firewall. If you really just don’t want anything blocked, simply choose the Turn Off button on the main Windows Firewall dialog box! Enjoy!