Transcript for:
Firewall Management Tips

Windows includes a built-in firewall they refer to as the Windows Defender Firewall. This firewall is always enabled, and ideally you would always have this configured and running on your Windows system. But there may be times when you want to do some troubleshooting and perhaps temporarily disable the firewall while you run those troubleshooting steps. You can either start the Windows Defender Firewall frontend from the Control Panel or launch it from the search option inside of Windows. From here you'll see different networks that have been configured. For example, you can have one set of security policies if you're connected to a private network and a completely different set of security policies if you're connected to a public network. Just remember that you'll need elevated rights if you want to choose the option to turn off the Windows Defender Firewall.

There are some very broad settings you can configure inside of Windows Defender for each one of these different categories of network. For example, if you're on a private network or a public network, you can choose individual settings for each of those network connections. Broadly speaking, you can turn on Windows Firewall. If the firewall is turned on, you can choose to block all incoming connections, including those that you may have explicitly allowed. This should be turned on if you're concerned about anybody trying to connect to your system. And you can choose to have Windows Defender notify you if it blocks a new app.

But you might need more granularity than that when it comes to setting firewall rules. For example, you might have a specific application that is running on your computer and you'd like to allow it to receive incoming connections. Or, if you don't want to specify a particular executable, you can simply use a port number that that application uses. Windows Defender also includes a large list of predefined applications that you can then set to enable or disable depending on where you may be connected. And if none of these apply, you may want to build your own exception using the tools available inside of Windows Defender Firewall.

From our Control Panel, we know that Windows Defender Firewall is right here at the bottom. We'll select that and it will bring up the settings for Windows Defender Firewall. This one has settings for our domain networks, our private networks, and our guest or public networks. You can see right now that Windows Defender is on. It blocks all connections that are not on the list, it tells me what my current private network happens to be, and this is set to not notify me if it blocks a new app.

I would like to turn on the power user mode of Windows Firewall, and these advanced settings are available by clicking this option in the left-hand menu. This will bring up a separate window that is called the Windows Defender Firewall with Advanced Security. This allows you as the administrator access to modify every possible configuration that's available inside of Windows Defender. Let's have a look at the inbound rules. You can see there's a large number of inbound rules already set. There are outbound rules also available in Defender Firewall, there are connection security rules that you can configure, and there's monitoring tools included as well.

Let's create a new inbound rule inside of Windows Defender Firewall. We'll choose that option and we'll right mouse click on the words inbound rule and we'll choose the option for a new rule. This brings up a dialogue box that allows me to set a new rule type, and I can create one based on an application or program, I can create a rule that includes a TCP or a UDP port, I could choose any of the predefined rules that are inside of Windows Defender, or I can create a custom rule. Quickly, let's look at the predefined rules. You can see there are a large number of rules that are already built into Windows Firewall. But let's create our own rule by choosing the custom option and clicking Next.

The first option is for program, where we can specify a certain application that will apply for this rule, or we can choose that all applications apply to this rule. Let's keep that one in place and click Next. Now we can select a protocol and a port number. Let's say in our scenario that we want to prevent anyone from connecting to a web server that's running on our computer using port 80, which is the non-encrypted form of web communication. To be able to do that, we'll need to set a rule that blocks all incoming traffic that is inbound on TCP port 80. And so from the protocols and ports window, we're going to specify that this is a TCP port. We're then going to choose the local port that will be used. In this case it is a specific port and not all ports, and we're going to specify port 80. The remote port, or the port that is coming from the remote device, can be any port number for this rule. So we'll choose those options and click Next.

It then says what local IP address does this rule apply to. This could be any IP address on this local device or from a remote IP address, or we can specify an individual IP address that we would like to use for this rule. In this case we'll keep both of these as any IP address and we'll click Next. Now we have the disposition of what we would like to do with this traffic if it matches this rule. We can allow this connection, allow it if it's secure, or block the connection. Since we want to block everything using TCP port 80, we will choose to block the connection and click Next.

Windows now wants us to define what network is going to apply this particular rule. Will this be the domain network, a private network, or a public network? In this case it will be any of those connections, so we'll leave the default check marks in place and click Next. Now we have to give this rule a name. We'll say "Block unencrypted web traffic" and we'll click Finish. And now we've created a brand new rule that blocks any unencrypted web traffic that is inbound to our computer using TCP port 80.
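The same rule built from an elevated PowerShell prompt, as an added example that is not part of the original video. It assumes the NetSecurity module that ships with current Windows versions; each parameter mirrors one page of the wizard, and the read-back at the end confirms what was actually stored.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the custom inbound rule from the walkthrough.
$ruleName = 'Block unencrypted web traffic'   # name entered on the last wizard page

# State of the three profiles shown on the Control Panel page.
Get-NetFirewallProfile -Name Domain, Private, Public |
    Select-Object Name, Enabled, DefaultInboundAction, NotifyOnListen |
    Format-Table -AutoSize

# Display names are not unique, so only create the rule if none exists yet.
$rules = @(Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)
if ($rules.Count -eq 0) {
    $params = @{
        DisplayName   = $ruleName
        Direction     = 'Inbound'   # created under Inbound Rules
        Protocol      = 'TCP'       # Protocol and Ports page
        LocalPort     = 80          # specific local port
        RemotePort    = 'Any'       # any remote port
        LocalAddress  = 'Any'       # Scope page: any local IP address
        RemoteAddress = 'Any'       # Scope page: any remote IP address
        Action        = 'Block'     # Action page: block the connection
        Profile       = 'Any'       # Profile page: domain, private and public
    }
    # No -Program argument: the rule applies to all programs.
    $rules = @(New-NetFirewallRule @params)
}

# Read every matching rule back with its port and address filters.
foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        DisplayName   = $rule.DisplayName
        Enabled       = $rule.Enabled
        Direction     = $rule.Direction
        Action        = $rule.Action
        Profile       = $rule.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
}
```

A block rule takes precedence over allow rules that match the same traffic, so this rule also overrides any existing allow rule for inbound TCP port 80. `Remove-NetFirewallRule -DisplayName 'Block unencrypted web traffic'` deletes it again after testing.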