How to Properly Configure Windows 11 Firewall: A Complete, Detailed Guide

Protecting your computer from unauthorized access is one of the first lines of defense in ciberseguridad. And in Windows 11, that key role is played by the Microsoft Defender Firewall. Although many people leave it enabled by default, the truth is that taking advantage of all its options can make a big difference in the security of your computer.

In this complete guide We explain step by step how to configure the firewall in Windows 11, both from the basic interface through Windows Security, and from the advanced console for more experienced users who want to thoroughly customize their network rules. You'll also learn how to temporarily disable it, how to apply rules using group policies, and the differences between configuring a public or private network.

What is Windows Firewall and why should you configure it?

The Windows 11 Firewall acts as a filter between your computer and external connections.It evaluates the traffic attempting to enter or exit the network and decides whether to allow it or not based on the rules it has defined. It's like a constantly monitored door that determines who enters and who doesn't.

Its main function is to prevent unwanted access to the system, protect your personal data and block potential threats such as malware, Trojans or intrusions from public or unsecured networks. It comes enabled by default, but that doesn't mean it's tailored to your specific needs.

Properly configuring your firewall allows you to customize security based on where you're connected.Browsing your home network isn't the same as browsing Wi-Fi at a coffee shop or a corporate network. You can also precisely control which apps or services can communicate with the outside world, on which ports, and under which protocol.

How to access Firewall settings in Windows 11

The easiest way is through the application Windows security, included as standard with the operating system. To open it, follow these steps:

1. Click the start button or press Win+Q and type “Windows Security”.
2. Within the main menu, access the section Firewall and network protection.
3. You will see the three available profiles: domain network, private network y public networkYou can click on each one to manage its protection individually.

From here you can enable or disable the firewall for each type of network., as well as accessing other configuration options such as allowing an app through the firewall or restoring default values ​​if something has gone wrong.

Differences between public, private and domain networks

One of the key points in configuring your firewall is to understand what type of network you are using:

• Public network: This is the most restrictive option. It's recommended when you're connected to open Wi-Fi networks, such as in bars, airports, or libraries. The firewall blocks most incoming connections by default.
• Private network: Designed for home or trusted networks (like your home), where you can allow certain connections to share files, printers, or access home devices.
• Domain network: Used in enterprise environments where devices are controlled by a domain controller. Rules can be predefined by the network administrator.

The correct choice of profile directly influences how the firewall behaves and which connections will be allowed.. Make sure you select it correctly based on the environment you're connecting to.

Turn Windows Firewall on or off

Although it's not recommended to permanently disable the firewall, you can do so if you need to test whether it's interfering with a specific connection or application. To do this:

1. Opens Windows security and enters Firewall and network protection.
2. Click on the type of network you are currently using.
3. Flip the switch Microsoft Defender Firewall disabled. You will be asked to confirm as an administrator.

Remember to reactivate it as soon as possible to avoid leaving your device unprotected.. You can also click on the option “Restore settings” to restore everything to its original values.

Allow an application through the firewall

There are times when a program you need to use is blocked by the firewall. Instead of disabling it, it's safer to allow access to that specific application:

1. Sign in Firewall and network protection
2. Click on Allow an application to pass through the firewall
3. In the pop-up window, click on Change settings.
4. Check the box next to the app you want to allow and select whether to allow it on private, public, or both networks.

You can also add a manual exception if the app is not listed.. Click “Allow another app” and navigate to its executable file.

What are the entry and exit rules?

Firewall rules are custom filters that allow or block connections based on different criteria.: programs, ports, protocols, IP addresses, etc. They are divided into two main categories:

• Entry rules: They control what incoming traffic can access your device from outside.
• Exit Rules: They determine what traffic can leave your computer.

Windows Defender allows you to manage these rules in a basic way from the Control Panel, but more advanced users can use the console Windows Firewall with Advanced Security to have complete control over them.

Types of rules you can apply in the firewall

From the advanced console, located at wf.msc, you can create very specific rules. Here are some of the most common ones:

• Program Rules: Allow or block traffic for a specific executable.
• Port rules: They control which ports are open to receive or send data.
• custom rules: You can combine filters by IP, protocols, specific services, schedules, etc.
• Predefined rules: Windows comes with some by default that you can enable or disable.

These rules apply to one or more network profiles (public, private, or domain), allowing you to tailor behavior based on your environment..

Create a rule from the advanced console

For users who need a higher level of control, the console Windows Firewall with Advanced Security is ideal. Access by typing wf.msc in the start search box and press Enter.

For example, to create a rule that allows incoming ICMP traffic (useful for pinging your device):

1. Open the advanced firewall and go to Entry rules.
2. Choose Action > New rule.
3. Choose Personalized and the wizard continues.
4. Select ICMPv4 or ICMPv6 protocol depending on your network.
5. Decide whether to apply it to all programs or a specific one.
6. defines a the legal end and choose whether you want to allow or block the connection.
7. Select the network profile to which the rule will apply.
8. Enter a descriptive name and save the new rule.

This process can be adapted for specific programs, ports, or services.

Example: Allow a specific program

1. En Entry rules, Select New rule.
2. Choose and then “This program path”.
3. Indicates the location of the executable (you can use environment variables).
4. In Protocol and Ports, you can limit to TCP, UDP, or a specific port.
5. Defines whether it will apply to all IP addresses or specific ones.
6. Choose Allow connection.
7. Apply to the profiles you want.
8. Give the rule a name and save.

The level of customization is enormous, to the point of managing individual services within an executable containing several.

Related article:

Remote Desktop Through Windows Firewall: Step by Step

Isaac

Passionate writer about the world of bytes and technology in general. I love sharing my knowledge through writing, and that's what I'll do on this blog, show you all the most interesting things about gadgets, software, hardware, tech trends, and more. My goal is to help you navigate the digital world in a simple and entertaining way.