
How to Open/Allow Ports in Windows Server Firewall: Complete Tutorial

Introduction

Opening and allowing specific ports through the Windows Server firewall is an essential task for network administrators and server managers. Whether you’re hosting web applications, databases, remote desktop services, or other network-dependent services, properly configuring port access is crucial for functionality while maintaining security.

This tutorial explains how to open a port in Windows Server (using Windows Firewall).

Prerequisites

Before proceeding with this tutorial, ensure you have:

  • Windows Server (2016, 2019, or 2022)
  • Administrator access to the server
  • Basic understanding of networking concepts and port functionality
  • Knowledge of which specific ports need to be opened for your services
  • A backup of your current firewall settings (recommended)

Method 1: Using Windows Firewall with Advanced Security (GUI)

The Windows Firewall with Advanced Security provides a graphical interface for managing firewall rules, including port access.

Step 1: Open Windows Firewall with Advanced Security

  • Click on the Start button
  • Type “Windows Firewall” in the search box
  • Select “Windows Defender Firewall with Advanced Security” from the results
  • Alternatively, you can open it through Server Manager > Tools > Windows Defender Firewall with Advanced Security

Step 2: Create a New Inbound Rule

  • In the left pane, click on Inbound Rules
  • In the right pane (Actions), click on New Rule
  • In the New Inbound Rule Wizard, select Port and click Next

 

Step 3: Specify the Port Details

  • Select either TCP or UDP based on your requirements
  • Choose Specific local ports and enter the port number(s)
    • For a single port, simply enter the number (e.g., 8080)
    • For multiple ports, separate them with commas (e.g., 80, 443)
    • For a range of ports, use a hyphen (e.g., 5000-5010)
  • Click Next to continue

 

Step 4: Specify the Action

Select the appropriate action:

  • Allow the connection: All connections that match these criteria will be permitted
  • Allow the connection if it is secure: Only secure connections will be allowed
  • Block the connection: All connections that match these criteria will be rejected

For this tutorial, select Allow the connection and click Next

Step 5: Specify When the Rule Applies

  1. Select the network location types where this rule should apply:
    • Domain: Networks identified as domain networks
    • Private: Networks identified as private (e.g., home or work networks)
    • Public: Networks identified as public (e.g., coffee shops, airports)
  2. Select the appropriate options based on your network environment
  3. It’s generally recommended to be more restrictive, especially for public networks
  4. Click Next to continue

Step 6: Name and Describe the Rule

  1. Enter a name for the rule (e.g., “Allow JAVA Traffic”)
  2. Optionally, enter a description to document the purpose of the rule
  3. Click Finish to create and enable the rule

Method 2: Using Command Prompt (netsh)

The netsh command-line tool provides another method to configure the Windows Firewall.

Step 1: Open Command Prompt as Administrator

  • Click on the Start button
  • Type “cmd”
  • Right-click on Command Prompt and select Run as Administrator

Step 2: Create a Firewall Rule with netsh

To add a basic firewall rule:

cmd
netsh advfirewall firewall add rule name="Allow Port 8080" dir=in action=allow protocol=TCP localport=8080

Step 3: Create More Specific Rules with netsh

For a more specific rule:

cmd
netsh advfirewall firewall add rule name="Allow JAVA Port" dir=in action=allow protocol=TCP localport=8080 profile=domain,private remoteip=192.168.1.0/24

This command creates a rule that:

  • Allows inbound TCP traffic on port 8080 (Custom Java Port)
  • Only applies to Domain and Private networks
  • Only allows connections from the 192.168.1.0/24 subnet

Step 4: Verify the Rules with netsh

To show all inbound rules:

cmd
netsh advfirewall firewall show rule name=all dir=in

To show a specific rule (the name must match the one used when the rule was created):

cmd
netsh advfirewall firewall show rule name="Allow JAVA Port"

Best Practices for Managing Ports in Windows Server

1. Use the Principle of Least Privilege

Only open ports that are absolutely necessary for your services to function. Each open port is a potential entry point for attacks.

2. Document All Firewall Rules

Maintain detailed documentation of all firewall rules, including:

  • Port number and protocol
  • Purpose of the rule
  • Date implemented
  • Who implemented it
  • Any expiration date if temporary

3. Regularly Audit Your Firewall Rules

Schedule regular reviews of your firewall rules to identify and remove any unnecessary or outdated rules.

powershell
Get-NetFirewallRule | Export-Csv -Path C:\FirewallRules_$(Get-Date -Format "yyyyMMdd").csv -NoTypeInformation

4. Use Specific IP Restrictions When Possible

Whenever possible, restrict access to specific IP addresses or subnets rather than allowing traffic from any source.

powershell
New-NetFirewallRule -DisplayName "Allow JAVA Port from Support" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 8080 `
    -Action Allow `
    -RemoteAddress 192.168.10.0/24
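Practices 3 and 4 can be checked in one pass: the CSV export above lists rules but not their ports or source restrictions, which live in separate filter objects. The following is an added example, not part of the original tutorial; Get-InboundAllowExposure is a hypothetical helper name, and it uses the built-in NetSecurity cmdlets from an elevated session.

```powershell
# Added example; Get-InboundAllowExposure is a hypothetical helper name.
# Run in an elevated PowerShell session on the server under review.
function Get-InboundAllowExposure {
    # Only enabled inbound Allow rules can expose a port.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        $ruleProfiles = "$($rule.Profile)"    # e.g. "Any" or "Domain, Private"

        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Profile       = $ruleProfiles
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
            # Practice 4: the rule has no source restriction at all.
            AnySource     = $addr.RemoteAddress -contains 'Any'
            # The rule is live on untrusted (Public) networks.
            OnPublic      = $ruleProfiles -match 'Any|Public'
            Description   = $rule.Description
        }
    }
}

$report = Get-InboundAllowExposure

# Review first: rules reachable from any source address on the Public profile.
$report | Where-Object { $_.AnySource -and $_.OnPublic } |
    Sort-Object Protocol, LocalPort |
    Format-Table DisplayName, Protocol, LocalPort, Profile -AutoSize

# Rules with no description have no recorded purpose (practice 2).
$report | Where-Object { -not $_.Description } | Select-Object DisplayName, LocalPort
```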

5. Implement Port Monitoring

Set up monitoring to detect unusual traffic patterns on your open ports, which could indicate a security breach.
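One source of monitoring data is the firewall's own connection log. The following is an added example, not part of the original tutorial: it summarizes inbound connections to one port per source address from a pfirewall.log file. Get-FirewallLogSummary is a hypothetical helper name, the threshold of 3 is an arbitrary assumption, and the log lines are constructed sample data.

```powershell
# Added example. To produce this log on a server (elevated session):
#   Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True -LogAllowed True
# Default location: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log

# Constructed sample in the pfirewall.log layout (not real traffic).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 10:15:01 ALLOW TCP 192.168.1.20 192.168.1.5 50112 8080 0 - 0 0 0 - - - RECEIVE
2024-05-01 10:15:09 DROP TCP 203.0.113.7 192.168.1.5 40001 8080 52 S 1000 0 64240 - - - RECEIVE
2024-05-01 10:15:10 DROP TCP 203.0.113.7 192.168.1.5 40002 8080 52 S 1001 0 64240 - - - RECEIVE
2024-05-01 10:15:11 DROP TCP 203.0.113.7 192.168.1.5 40003 8080 52 S 1002 0 64240 - - - RECEIVE
2024-05-01 10:15:30 ALLOW TCP 192.168.1.5 198.51.100.9 50200 443 0 - 0 0 0 - - - SEND
'@ -split '\r?\n'

function Get-FirewallLogSummary {
    param([string[]]$Lines, [int]$Port, [int]$Threshold = 3)

    # Column names are read from the #Fields header instead of being hard-coded.
    $fields = @()
    $events = foreach ($line in $Lines) {
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*').Split(' '); continue }
        if (-not $fields -or -not $line.Trim() -or $line.StartsWith('#')) { continue }
        $values = $line.Split(' ')
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }

    # Inbound traffic to the monitored port, grouped by source address.
    $events |
        Where-Object { $_.path -eq 'RECEIVE' -and $_.'dst-port' -eq "$Port" } |
        Group-Object 'src-ip' |
        ForEach-Object {
            $drops = @($_.Group | Where-Object action -eq 'DROP').Count
            [pscustomobject]@{ SourceIp = $_.Name; Attempts = $_.Count; Dropped = $drops; Flag = $_.Count -ge $Threshold }
        } | Sort-Object Attempts -Descending
}

Get-FirewallLogSummary -Lines $sample -Port 8080 | Format-Table -AutoSize
```

On a live server, pass the real file with -Lines (Get-Content of the log path) instead of $sample.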

Troubleshooting Common Port Issues

Issue 1: Service Is Not Accessible Despite Open Port

  • Verify the service is actually running on the server
  • Confirm the service is bound to the correct IP address and port
  • Check for any local firewall software that might be blocking the connection
  • Use netstat -ano to verify the service is listening on the expected port
  • Test local connectivity using telnet localhost [port]

Issue 2: Rule Exists But Port Is Still Blocked

  • Check if multiple conflicting rules exist (a block rule might be overriding an allow rule)
  • Verify the rule is enabled
  • Ensure the rule applies to the current network profile (Domain/Private/Public)
  • Check if Windows Defender or other security software is blocking the connection
  • Temporarily disable the firewall to test if it’s the source of the blocking:

powershell
# Disable firewall (for testing only)
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

powershell
# Don't forget to re-enable it after testing
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
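The listener, rule-state and profile checks from Issues 1 and 2 can be run without turning the firewall off. The following is an added example, not part of the original tutorial; Test-InboundTcpPort is a hypothetical helper name, and its verdict considers only port, enabled state, profile and action (not program or remote-address scoping).

```powershell
# Added example; Test-InboundTcpPort is a hypothetical helper, not a Windows cmdlet.
function Test-InboundTcpPort {
    param([Parameter(Mandatory)][int]$Port)

    # Issue 1: is a process listening on the port, and on which local address?
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)

    # Issue 2: firewall profiles active on the connected interfaces right now.
    $active = @(Get-NetConnectionProfile | ForEach-Object {
        if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' } else { "$($_.NetworkCategory)" }
    })

    # True when a LocalPort value (single port, list entry or range) covers $Port.
    # Rules with LocalPort 'Any' are left out to keep the output short.
    $covers = {
        param($spec)
        foreach ($p in $spec) {
            if ($p -eq "$Port") { return $true }
            if ($p -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        return $false
    }

    $rules = @(Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and (& $covers $_.LocalPort) } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $rule = $_
            $ruleProfiles = "$($rule.Profile)"
            $inProfile = $ruleProfiles -eq 'Any' -or [bool]($active | Where-Object { $ruleProfiles -match $_ })
            [pscustomobject]@{
                DisplayName = $rule.DisplayName
                Action      = "$($rule.Action)"
                Profile     = $ruleProfiles
                AppliesNow  = ($rule.Enabled -eq 'True') -and $inProfile
            }
        })

    # An applicable Block rule overrides an Allow rule for the same traffic.
    $live = @($rules | Where-Object { $_.AppliesNow })
    $verdict = 'No applicable Allow rule; the default inbound action applies'
    if ($live.Action -contains 'Allow') { $verdict = 'Allowed by a rule' }
    if ($live.Action -contains 'Block') { $verdict = 'Blocked by an enabled Block rule' }

    [pscustomobject]@{
        Port = $Port; Listening = $listeners.LocalAddress; ActiveProfiles = $active
        Verdict = $verdict; Rules = $rules
    }
}

Test-InboundTcpPort -Port 8080 | Format-List
```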

Issue 3: Port Configuration Works Locally But Not Remotely

  • Check for intermediate firewalls, routers, or proxy servers
  • Verify Network Address Translation (NAT) is properly configured if applicable
  • Use a port scanning tool from the remote location to check if the port is reachable
  • Test with a simple telnet connection from the remote location

Common Ports and Their Functions

Here’s a quick reference of commonly used ports that you might need to open:

Port   | Protocol | Service        | Description
-------|----------|----------------|------------------------------------------------
20, 21 | TCP      | FTP            | File Transfer Protocol
22     | TCP      | SSH            | Secure Shell
23     | TCP      | Telnet         | Remote login service (insecure)
25     | TCP      | SMTP           | Simple Mail Transfer Protocol
53     | TCP/UDP  | DNS            | Domain Name System
80     | TCP      | HTTP           | Hypertext Transfer Protocol
443    | TCP      | HTTPS          | HTTP Secure
389    | TCP/UDP  | LDAP           | Lightweight Directory Access Protocol
636    | TCP      | LDAPS          | LDAP over SSL
1433   | TCP      | SQL Server     | Microsoft SQL Server database
3306   | TCP      | MySQL          | MySQL database
3389   | TCP      | RDP            | Remote Desktop Protocol
5985   | TCP      | WinRM          | Windows Remote Management (HTTP)
5986   | TCP      | WinRM          | Windows Remote Management (HTTPS)
8080   | TCP      | HTTP Alternate | Alternate HTTP port, often used for web proxies

Conclusion

By properly configuring your Windows Server firewall, you ensure that legitimate traffic can reach your services while blocking potential security threats, maintaining both functionality and security for your server environment.

HostingHome Tip: For security, restrict open ports to only necessary services and use IP whitelisting where possible.
