TeemoTang-MSFT asked JennyFeng-MSFT answered

Windows Firewall - Block all traffic by default unless traffic matches explicitly defined rules

I need to create a firewall policy that blocks all inbound and outbound traffic by default unless it matches explicitly defined rules. Do I need to create a "deny all" rule in Windows Firewall like you need to do on Cisco firewalls, or does Windows Firewall block all traffic by default unless it matches the predefined rules? The documentation I've read on Microsoft Docs isn't 100% clear about this.
source link:
https://social.technet.microsoft.com/Forums/windows/en-US/2dc2269c-95dd-4827-b955-9fd5675d0276/windows-firewall-block-all-traffic-by-default-unless-traffic-matches-explicitly-defined-rules?forum=ws2016

windows-server-2016

1 Answer

JennyFeng-MSFT answered

Thanks for posting here.

By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic.

By default, Windows Defender Firewall blocks all inbound network traffic unless it matches a rule that allows the traffic.

As you can see in the following picture:
12484-image.png


For more details, you can see the articles below:

Create an Outbound Port Rule

Create an Inbound Port Rule

Hope this can help you understand better.



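An added example, not part of the original question or answer: the defaults described in the answer are per-profile settings, so the default-deny policy the question asks for can be checked and set with the built-in NetSecurity cmdlets instead of a "deny all" rule. The rule names, ports and 192.0.2.x addresses are constructed placeholders.

```powershell
# Added example. Run in an elevated PowerShell session, ideally from the console:
# switching outbound to Block drops any traffic that has no allow rule.

# 1. Effective default action per profile. ActiveStore is the merged result of
#    local settings and Group Policy.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Outbound allow rules that already exist stay in force after the default
#    changes, so review them first.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Sort-Object DisplayName |
    Format-Table DisplayName, Profile, DisplayGroup

# 3. Add the explicit outbound allows BEFORE changing the default.
#    Names, ports and 192.0.2.x addresses are constructed placeholders.
$allowOut = @(
    @{ DisplayName = 'Example-Out-DNS';   Protocol = 'UDP'; RemotePort = 53;  RemoteAddress = '192.0.2.10' }
    @{ DisplayName = 'Example-Out-HTTPS'; Protocol = 'TCP'; RemotePort = 443; RemoteAddress = '192.0.2.20' }
)
foreach ($rule in $allowOut) {
    if (-not (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule @rule -Direction Outbound -Action Allow -Profile Any | Out-Null
    }
}

# 4. Default-deny in both directions is a profile setting, not a rule.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 5. Confirm that every profile is enabled and blocks by default both ways.
$notDenied = Get-NetFirewallProfile -PolicyStore ActiveStore | Where-Object {
    $_.Enabled -ne 'True' -or
    $_.DefaultInboundAction -ne 'Block' -or
    $_.DefaultOutboundAction -ne 'Block'
}
if ($notDenied) {
    Write-Warning ("Not default-deny: " + ($notDenied.Name -join ', '))
} else {
    Write-Output 'All profiles: inbound Block, outbound Block.'
}
```

In Windows Firewall an explicit block rule takes precedence over allow rules, so a Cisco-style "deny all" rule would also block the traffic the allow rules are meant to pass. If step 5 still reports a profile after step 4, a Group Policy setting is overriding the local value.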