Enable Notifications to Open Firewall Ports in Windows Server 2012 R2
In this Ask the Admin, I’ll show you how to quickly create Windows Firewall rules when network traffic is blocked.
Windows Firewall is an endpoint protection technology that by default blocks most inbound traffic to Windows, preventing malicious processes from probing the system to find an easy way in. It’s critical that Windows Firewall remains enabled, but it can be tempting to disable it for troubleshooting purposes.
While it may seem reasonable to temporarily turn off Windows Firewall, this often leads to a permanent need to work with the firewall disabled, sometimes because we simply forget to re-enable it or because it was never determined which ports needed to be opened for a particular service or application to work. And in most cases, it’s not necessary to turn off Windows Firewall to determine if an issue is indeed being caused by blocked network traffic.
Enable Windows Firewall Notifications in Windows Server
Unlike client versions of Windows, firewall notifications aren’t enabled in Windows Server by default. If you encounter an issue where you suspect that Windows Firewall is blocking network traffic, I recommend that you enable notifications rather than turning off the firewall. Not only is this a safer option than disabling the firewall, but Windows will offer to automatically create a rule to allow the blocked traffic through the firewall.
To check the Windows Firewall configuration in Windows Server 2012 R2, log in as a local administrator, open a PowerShell prompt and run the command below:
You can replace domain with * in the -Name parameter if you want to see the configuration for all firewall profiles. To enable notifications, run the Set-NetFirewallProfile cmdlet as shown here. I've specified the domain profile, because Windows Firewall detects that the server is connected to an Active Directory domain:
[Figure: Windows Firewall notification (Image Credit: Russell Smith)]
Now run your network application. If Windows Firewall is blocking traffic, you'll be notified with the option to unblock inbound access to the application.
Determine Ports using netstat.exe
Allowing Windows to automatically create firewall rules is preferable to disabling Windows Firewall. If you look at the rules, you'll see they are somewhat generic, specifying the application without specifics, such as inbound or outbound IP addresses and ports. If you want to be more specific about the rules, you can use netstat.exe to determine the exact ports, protocols and IP addresses being used by the application. While the Get-NetTCPConnection PowerShell cmdlet is similar to netstat.exe, it's not currently able to retrieve information about processes, so it's better to use netstat.exe until Get-NetTCPConnection catches up.
Log in as a local administrator on the sending server, open a command prompt and run netstat -b. In the resulting output, you'll see a list of connections, along with port, IP address and executable information. If the network traffic is bidirectional, repeat this procedure on the receiving server.
Create Firewall Rules
The output of netstat.exe shows that the remote server (contososrv3) needs to allow inbound connections on TCP port 7001 from 10.0.0.6 (contososrv4). On contososrv3, log in as a local administrator, open a PowerShell prompt, and run the New-NetFirewallRule cmdlet as shown here to create an inbound rule, replacing Windows PowerShell Console with a relevant name for your firewall rule, and all other details as appropriate:
If you already have a more generic rule set up, you can delete it using Remove-NetFirewallRule, replacing Windows PowerShell Console with the existing rule name:
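The procedure described above, from enabling notifications to replacing the generic rule with a scoped one, sketched as a single script. This is an added example, not the article's original commands: the scoped rule name is a hypothetical placeholder, while the profile, port, source address and generic rule name are taken from the scenario in the text.

```powershell
# Run from an elevated PowerShell prompt on the receiving server (contososrv3 in the scenario).
$ProfileName   = 'Domain'
$GenericRule   = 'Windows PowerShell Console'                 # rule name used in the text
$ScopedRule    = 'Example app - TCP 7001 from contososrv4'    # hypothetical name, choose your own
$Port          = 7001
$RemoteAddress = '10.0.0.6'

# 1. Inspect the profile. Use -Name * to list every profile instead.
Get-NetFirewallProfile -Name $ProfileName |
    Select-Object Name, Enabled, NotifyOnListen

# 2. Enable notifications rather than turning the firewall off.
Set-NetFirewallProfile -Name $ProfileName -NotifyOnListen True

# 3. Create the scoped inbound rule only if it does not exist yet,
#    so re-running the script does not stack duplicate rules.
if (-not (Get-NetFirewallRule -DisplayName $ScopedRule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ScopedRule -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $RemoteAddress `
        -Profile $ProfileName | Out-Null
}

# 4. Show what the scoped rule really matches before touching the generic one.
$rule = Get-NetFirewallRule -DisplayName $ScopedRule
$rule | Get-NetFirewallPortFilter    | Select-Object Protocol, LocalPort
$rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress

# 5. Remove the generic rule only once an enabled scoped rule is in place.
#    Several rules can share one display name; the pipeline removes all of them.
if ($rule | Where-Object { $_.Enabled -eq 'True' }) {
    Get-NetFirewallRule -DisplayName $GenericRule -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
} else {
    Write-Warning "Scoped rule '$ScopedRule' is not enabled; generic rule left in place."
}
```

Test the application again after step 5 to confirm the scoped rule alone is enough to carry its traffic.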