
Elastic Compute Service: Enable or disable the Windows firewall

Last Updated: Nov 25, 2024

The Windows firewall, a built-in security component of the Windows operating system, manages network traffic to prevent unauthorized access and protect against malicious attacks. Enabling the firewall and configuring its rules can block external access, which may prevent remote server connections. This topic describes the procedures for enabling and setting up firewall rules or disabling the system firewall in Windows to facilitate remote server access.

Enable or disable the firewall

Step 1: Check the firewall status

Check the current status of the firewall to decide whether you need to enable or disable it.

  1. Connect to the Windows instance by using VNC. For more information, see Connect to an instance by using VNC.

  2. Select Start > Control Panel from the menu bar.

  3. Set View by to Small icons, and click Windows Defender Firewall.

    Note

    The option names may vary with different Windows system versions. If there is no Windows Defender Firewall option, you can select Windows Firewall.


  4. Click Advanced settings in the Windows Defender Firewall interface.

  5. In the Windows Defender Firewall with Advanced Security window, review the current status in the Overview section.

    Note

    When you manage the firewall, we recommend that you enable or disable it for the Domain Profile, Private Profile, and Public Profile together. When you check the firewall status, make sure that the Domain Profile, Private Profile, and Public Profile are all in the same state. If they are not, follow the subsequent steps to align the profiles.


Step 2: Enable or disable the firewall

Enable or disable the firewall based on your requirements. If you choose to enable it, then you must configure firewall rules.

Enable the firewall

After you enable the firewall, it regulates network traffic based on the rules that you configure.

  1. In the Windows Defender Firewall with Advanced Security window, access the Windows Defender Firewall Properties.


  2. Select On (recommended) and click Apply.

    Note

    We recommend that you enable all firewalls on the Domain Profile, Private Profile, and Public Profile tabs.


Disable the firewall

Disabling the firewall stops its control over network traffic.

  1. In the Windows Defender Firewall with Advanced Security window, access the Windows Defender Firewall Properties.


  2. Select Off and click Apply.

    Note

    We recommend that you disable all firewalls on the Domain Profile, Private Profile, and Public Profile tabs.


Configure firewall rules

Once the firewall is enabled, configure rules to permit specific types of access. This section provides an example of how to create a rule that allows remote connections. You can use either of the two methods below to set up firewall rules. Adjust these configurations based on your needs.

Method 1: Add a port rule

Enable remote connections by allowing traffic through the local Remote Desktop Protocol (RDP) port. By default, RDP uses TCP port 3389.

Note

If the RDP port is changed, add the actual port to the inbound rules.

  1. Click Inbound Rules in the Windows Defender Firewall with Advanced Security window, then select New Rule.

    Note

    For instructions on how to access the Windows Defender Firewall with Advanced Security window, refer to Step 1: Check the firewall status.


  2. In the New Inbound Rule Wizard, select Port for Rule Type and click Next.


  3. In the Protocol and Ports step, select TCP as the protocol, enter the port that you want to use in Specific local ports, and then click Next.

    Note

    Use the actual RDP port, which is 3389 by default.


  4. Choose Allow the connection in the Action step and click Next.


  5. In the Profile step, proceed with the default settings and click Next.


  6. In the Name step, enter the rule name and click Finish.

  7. Connect to the instance by using the Remote Desktop Connection tool. Append the RDP port number to the address and specify the username under Show Options. For example: 192.168.1.2:3389 and Administrator.


Method 2: Add a predefined rule

Allow Remote Desktop access by adding the predefined Remote Desktop rule to the inbound rules.

Important

This method is suitable only if the Remote Desktop Protocol (RDP) port remains unchanged and uses the default TCP port 3389.

  1. Click Inbound Rules in the Windows Defender Firewall with Advanced Security window, then select New Rule.

    Note

    For instructions on how to access the Windows Defender Firewall with Advanced Security window, refer to Step 1: Check the firewall status.


  2. In the New Inbound Rule Wizard window, select Predefined for Rule Type, choose Remote Desktop, and click Next.


  3. In the Predefined Rules step, select Remote Desktop - User Mode (TCP-In) and click Next.

    Note

    If you use an earlier Windows version that lacks the Remote Desktop - User Mode (TCP-In) option, select Remote Desktop (TCP-In) instead.


  4. In the Action step, select Allow the connection and click Finish.


  5. Connect to the instance by using the Remote Desktop Connection tool. Append the RDP port number to the address and specify the username under Show Options. For example: 192.168.1.2:3389 and Administrator.

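The status check, the RDP port rule, and the enable step described above can also be scripted with the built-in NetSecurity cmdlets. The following is an added example, not part of the original documentation; the rule name and the `$AllowedSource` value are assumptions. It creates the inbound rule for the port RDP actually listens on before it turns the three profiles on, so that enabling the firewall does not break the remote connection.

```powershell
#Requires -RunAsAdministrator
# Added example: run in an elevated PowerShell session on the instance (for example, over VNC).
$RuleName      = 'Allow RDP inbound (example)'  # hypothetical rule name
$AllowedSource = 'Any'                          # assumption: narrow to an admin IP or CIDR if you can

# 1. Read the port RDP listens on (3389 unless it was changed).
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# 2. Show the three profiles and warn if they are not aligned.
$profiles = Get-NetFirewallProfile -Name Domain, Private, Public
$profiles | Format-Table Name, Enabled, DefaultInboundAction
if (@($profiles.Enabled | Sort-Object -Unique).Count -gt 1) {
    Write-Warning 'Domain, Private, and Public profiles are not in the same state.'
}

# 3. Find enabled inbound allow rules that name this exact TCP port
#    (rules that cover it through a port range or "Any" are not detected here).
$covering = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$rdpPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }

# 4. Create the port rule first (Method 1) so that enabling the firewall does not cut off RDP.
if (-not $covering) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $rdpPort -RemoteAddress $AllowedSource -Action Allow -Profile Any | Out-Null
}
# Method 2 equivalent, valid only while RDP stays on 3389:
#   Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 5. Turn on all three profiles together, then confirm the result.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
Get-NetFirewallProfile -Name Domain, Private, Public | Format-Table Name, Enabled
```

Setting `$AllowedSource` to a specific address or CIDR block limits which hosts the rule admits; the wizard steps above leave the rule open to any remote address.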
