How to Create an Inbound Firewall Rule (Exception)

Summary

This document covers how to create a local exception in the Windows Firewall.

Body

Prerequisites

For an exception that applies to all of campus, work with the Desktop Support Coordinator or Defender Administrator.

Resolution

Please Note: Now that we are using Defender as our antivirus product, the Windows Firewall is used. All incoming connections that are not specifically allowed are blocked by default. This means ports will need exceptions created for them in order to function properly. Computer technicians should assess the situation to determine whether a single exception on the local client is needed, or whether the issue is a larger one and an exception for all of campus needs to be made.
  1. Press the Windows key (it has the Windows logo on it) and the R key at the same time to open a Run window.
  2. Type WF.msc and press Enter. This opens the Windows Firewall application.
  3. Click Inbound Rules on the left side of the window.
  4. Click New Rule… on the right side under Actions. (A window will open to create a new rule.)
  5. Click the Port radio button and click Next.
Note: It defaults to Program, but most exceptions will be made by port.
  6. The default traffic type is TCP and will be used most of the time. Type the port number under Specific local ports. You can specify a range of ports by putting a dash between the numbers, or separate individual ports with commas.
  7. Click Allow the connection, then click Next.
  8. If the connection is to a Ferris resource, the Domain option is the only one to be checked.
Note: By default, all three network types are checked. For security it is best to limit this to the appropriate scope. Use your judgement to select the appropriate options.
  9. Give the rule a Name and Description.
Note: Name the rule based on the application/port being excepted. For the description, be specific enough that the next tech to look at it will understand why the exception is there. It is good practice to put your name and the date the exception was created.
  10. Click Finish and the rule will be added to the list of inbound rules in the center of the firewall window.

If the inbound connection will be coming from the same IP address, such as a server, printer, or machine with a static IP address, then configure the Scope.

  1. Double-click the rule and go to the Scope tab.
  2. Select the radio button for These IP addresses under Remote IP address.
  3. Type in the IP address of the remote device and click OK.
  4. Click OK.
  5. Test that everything is working as intended and create more rules as needed.
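
The same rule can also be created from an elevated PowerShell prompt. The block below is an added example, not part of the original article; the port, IP address, rule name and technician name are placeholder assumptions. It creates a Domain-only TCP rule scoped to one remote IP, shows what was stored, then lists enabled inbound allow rules that are still active on the Public profile or accept any remote address.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
# Port, IP address, rule name and technician name are placeholder assumptions.
$Ports    = @('8080')        # a range ('5000-5010') or several entries also work
$RemoteIP = '192.0.2.10'     # static IP of the remote device (documentation range)
$Name     = 'Example App (TCP 8080)'
$Desc     = "Inbound access for Example App. Created by J. Doe on $(Get-Date -Format 'yyyy-MM-dd')."

# Create the rule only if one with this name does not already exist.
if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $Name -Description $Desc `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $Ports `
        -Profile Domain -RemoteAddress $RemoteIP | Out-Null
}

# Show what was actually stored: profile, port and remote scope.
Get-NetFirewallRule -DisplayName $Name | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.DisplayName
        Profile       = "$($_.Profile)"
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    }
} | Format-List

# Review: enabled inbound allow rules broader than the guidance above
# (active on the Public profile, or accepting any remote address).
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    $public = "$($_.Profile)" -match 'Any|Public'
    $anyIP  = $remote -contains 'Any'
    if ($public -or $anyIP) {
        [pscustomobject]@{
            Name          = $_.DisplayName
            Profile       = "$($_.Profile)"
            RemoteAddress = $remote -join ','
        }
    }
} | Sort-Object Name | Format-Table -AutoSize
```

Many built-in Windows rules will appear in the review list; the rows of interest are the locally created exceptions.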

Still Need Help? 

Call the IT Solution Center

Details

Article ID: 2525
Created: Mon 11/20/23 9:06 AM
Modified: Fri 10/31/25 2:26 PM