Windows Firewall with Advanced Security (WFAS) is a powerful tool built into Windows that allows administrators to define inbound and outbound rules, control traffic at the port, protocol, and application level, and enhance the security of domain-connected devices.
WFAS is a host-based firewall integrated with IPsec, giving you granular control over network traffic. It protects computers by allowing or blocking traffic based on a rich set of rules that go beyond the basic on/off settings of the standard Windows Firewall.
You can manage WFAS via the GUI (wf.msc), Group Policy, or PowerShell.
Inbound and Outbound Rules: define what traffic is allowed into or out of the system.
Connection Security Rules: use IPsec to authenticate and encrypt traffic between computers.
Granular Filtering: filter traffic by program, service, port, IP address, and protocol.
Integration with GPO: enforce consistent firewall rules across your domain.
To allow Remote Desktop access:
Open wf.msc
Go to Inbound Rules
Enable Remote Desktop (TCP-In)
To block a program from accessing the internet:
Go to Outbound Rules
Create a new rule
Choose Program and select the .exe file
Set the action to Block
To ensure traffic is encrypted:
Create a Connection Security Rule
Require IPsec authentication
Define endpoints (source/destination IPs or subnets)
Use a "block by default, allow by exception" model
Regularly review enabled rules
Disable or restrict "Any Any Allow" rules
Test new rules in a lab before applying in production
Use GPOs to deploy rules at scale
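As an added example that is not part of the original page, the procedures above (block-by-default posture, enabling Remote Desktop, blocking a program outbound, requiring IPsec, and auditing "Any Any Allow" rules) expressed with the NetSecurity PowerShell cmdlets. The rule names, program path and subnets are placeholders; run it in an elevated session.

```powershell
# Added example, not from the original article. Requires an elevated PowerShell session.
# Program path, rule names and subnets are placeholders for illustration.

# 1. Block-by-default posture: drop unsolicited inbound traffic on every profile.
#    Outbound default stays Allow here; tighten it only after inventorying required egress.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# 2. Allow Remote Desktop by enabling the built-in rule group instead of opening 3389 by hand.
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# 3. Block one program from reaching the network: an outbound rule bound to its .exe.
New-NetFirewallRule -DisplayName "Block ExampleApp outbound" `
    -Direction Outbound -Action Block -Profile Any `
    -Program "C:\Program Files\ExampleApp\exampleapp.exe"   # placeholder path

# 4. Connection security rule: require IPsec authentication between two subnets.
#    Without an explicit auth set, domain members use the default (Kerberos computer auth).
New-NetIPsecRule -DisplayName "Require IPsec to file servers" `
    -LocalAddress 10.0.1.0/24 -RemoteAddress 10.0.2.0/24 `
    -InboundSecurity Require -OutboundSecurity Require

# 5. Audit: enabled inbound Allow rules that match any port, any remote address and any program.
#    These are the "Any Any Allow" rules the best-practice list says to disable or restrict.
function Find-AnyAnyAllowRule {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow | ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter          # LocalPort / RemotePort / Protocol
        $addr = $rule | Get-NetFirewallAddressFilter       # LocalAddress / RemoteAddress
        $app  = $rule | Get-NetFirewallApplicationFilter   # Program / Package
        if ($port.LocalPort -eq 'Any' -and $addr.RemoteAddress -eq 'Any' -and $app.Program -eq 'Any') {
            [pscustomobject]@{
                Name     = $rule.DisplayName
                Profile  = $rule.Profile
                Protocol = $port.Protocol
            }
        }
    }
}

Find-AnyAnyAllowRule | Format-Table -AutoSize
```

Append `-WhatIf` to the `Set-`, `Enable-` and `New-` calls to preview the changes before applying them, which matches the advice to test rules before production.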
Allow HTTP (port 80):