???? Using Windows Firewall with Advanced Security

Windows Firewall with Advanced Security (WFAS) is a powerful tool built into Windows that allows administrators to define inbound and outbound rules, control traffic at the port, protocol, and application level, and enhance the security of domain-connected devices.

???? What is Windows Firewall with Advanced Security?

WFAS is a host-based firewall integrated with IPsec, giving you granular control over network traffic. It protects computers by allowing or blocking traffic based on a rich set of rules that go beyond the basic on/off settings of the standard Windows Firewall.

You can manage WFAS via:

• GUI: wf.msc

• Group Policy

• PowerShell

???? Key Features

• Inbound and Outbound Rules
  Define what traffic is allowed into or out of the system.

• Connection Security Rules
  Use IPsec to authenticate and encrypt traffic between computers.

• Granular Filtering
  Filter traffic by program, service, port, IP address, and protocol.

• Integration with GPO
  Enforce consistent firewall rules across your domain.

???? Example Use Cases

✅ Allowing RDP Access

To allow Remote Desktop access:

1. Open wf.msc

2. Go to Inbound Rules

3. Enable Remote Desktop (TCP-In)

❌ Blocking a Specific Application

To block a program from accessing the internet:

1. Go to Outbound Rules

2. Create a new rule

3. Choose Program, select the .exe file

4. Set action to Block

???? Enforcing IPsec Encryption

To ensure traffic is encrypted:

• Create a Connection Security Rule

• Require IPsec authentication

• Define endpoints (source/destination IPs or subnets)

???? Best Practices

• Use "Block by default, allow by exception" model

• Regularly review enabled rules

• Disable or restrict "Any Any Allow" rules

• Test new rules in a lab before applying in production

• Use GPOs to deploy rules at scale

????️ PowerShell Examples

Allow HTTP (port 80):