Windows firewall port open: How To Open Firewall Ports In Windows 10

20 мая, 2021

Check Firewall Port Is Open Or Block On Windows 11 Using PowerShell Command HTMD Blog

Check Firewall Port is Open or Block on Windows 11 PC using PowerShell Command. Let’s understand how to check firewall port connectivity from Windows 11 PC.

There are different types of firewalls (2 of them are explained in this post) here with this topic of Windows 11 Firewall. Let’s try to identify and Fix application connectivity issues using the following steps.

More than one Windows firewall application can be installed on Windows 11 PCs. However, you also have firewall appliances placed between your server infrastructure in Data Center and Windows endpoint devices such as Windows 11 laptops.

Both the firewall settings come into the picture when you have a connectivity issue for the client-server application. So, it’s better to start troubleshooting from a firewall application installed on Windows 11.

Checking the Firewall ports connectivity with PowerShell command or Windows Terminal is the best option for Windows 11 PCs. I will be using the Test-NetConnection PS command to display diagnostic information for a connection.

Defender Windows 11 Firewall Application

I normally don’t recommend using any 3rd party antivirus and firewall applications for Windows 10 and Windows 11 home computers. Microsoft has its Antivirus, Anti-malware, and Firewall application called Microsoft Defender installed on all the Windows 11 and Windows 10 PCs.

You can launch the Microsoft Defender application configuration from Windows 11 Taskbar, as shown below. Click on the Blue icon to launch Microsoft Defender, Windows 11, Security settings.

Windows Defender Application – Microsoft Firewall – Check Firewall Port is Open or Block on Windows 11

The Windows Security settings app can be launched from the Search option from the Start menu. Search with Windows Security and open the Windows Security app. This app is by default installed on all Windows 11 PCs.

Defender Windows 11 Firewall Application

As you can see below, Firewall & Network Protection is enabled as an out of the box setting. Suppose you are looking at a Windows 11 PC of an organization, and you can see this enabled. In that case, the firewall component is managed by some other third-party applications such as Symantec or McAfee EPO.

Check Firewall Port is Open or Block on Windows 11 using PowerShell Command

How to Check and Identify Firewall Application Enabled on Windows 11?

How to check and identify the application providing firewall service on Windows 11 PCs? Can you identify the Firewall Application Enabled on Windows 11 using the following method? You can check this from the same Windows Security app discussed in the above section.

  • Open Windows Security App – Click on Settings.
  • You can manage Security providers on Windows 11 PC.
  • Click on Manage Providers link.

Under the Firewall section on the Security Provider page, you can see the Microsoft Firewall application manages the Firewall settings, and that is nothing but Microsoft Defender.

The following sections will have further troubleshooting options to Check Firewall Port is Open or Block on Windows 11 using PowerShell Command.

How to Check and Identify Firewall Application Enabled on Windows 11? Check Firewall Port is Open or Block on Windows 11

Test Ping and DNS Connectivity with Test-NetConnection PowerShell Command

You can now test the Ping and DNS Connectivity with Test-NetConnection PowerShell Command. You can use the Test-NetConnection PowerShell command to test connectivity and DNS (name resolution) between server and client. You can launch the Windows Terminal and type the following command to test whether internet connectivity is there or not.

Test-NetConnection bbc.com

I tried to reach BBC.COM with the Test-NetConnection PS command, which indicates the Firewall configurations, internet connection, DNS, Server IP, etc., on Windows 11 PC. And most of the time, the PING/ICMP is disabled on the server-side because of security reasons.

In the following scenario, the Windows 11 Firewall application (Microsoft Defender) is not blocking any communication between BBC and the client device. This is the first step to check whether the Firewall Port Open or Block on Windows 11 using PowerShell Command

Test Ping and DNS Connectivity with Test-NetConnection PowerShell Command – Check Firewall Port is Open or Block on Windows 11

The Test-NetConnection PowerShell command without any parameter works just like the PING command. This will help get the following details Computer Name, Remote Address, Network Interface details, Source IP, Ping Succeeded or failed status, Ping Reply Details (RTT).

NOTE! – Most of the time, PING/ICMP is disabled between client devices and servers.

Normally you will need to provide the destination address to check whether ICMP or PING is enabled between servers and Windows 11 client devices. The following is the example of Test-NetConnection from an Azure VM (Windows 11).

  • ComputerName : internetbeacon.msedge.net
  • RemoteAddress : 13.107.4.52
  • InterfaceAlias : Ethernet 2
  • SourceAddress : 10.1.0.12
  • PingSucceeded : False
  • PingReplyDetails (RTT) : 0 ms

Check Firewall Port is Open or Block on Windows 11 using PowerShell Command

More detailed ping results will be available if you use the following parameters of the Test-NetConnection PS command. With InformationLevel and Detailed parameters, you can get more Name Resolution Results, etc.

Test-NetConnection 10.1.0.6 -InformationLevel “Detailed”

  • ComputerName : 10.1.0.6
  • RemoteAddress : 10.1.0.6
  • NameResolutionResults : 10.1.0.6
    • cmmemcm.internal.cloudapp.net
  • InterfaceAlias : Ethernet 2
  • SourceAddress : 10.1.0.12
  • NetRoute (NextHop) : 0.0.0.0
  • PingSucceeded : True
  • PingReplyDetails (RTT) : 2 ms

Check Firewall Port is Open or Block on Windows 11 using PowerShell Command

Check Firewall Port is Open or Block on Windows 11 using PowerShell Command

The Test-NetConnection is one of my favorites to find the connectivity between server and client apps. You can easily check the firewall ports connectivity between Windows 11 PC and servers using PowerShell Command.

The Test-NetConnection command is part of the PowerShell module NetTCPIP. This module is loaded on all the Windows 11 PCs by default.

I used the following command to get the TCP firewall port connectivity details and understand whether the firewall port is opened between the remote server (10.1.0.6) and the Windows 11 client on port 80.

Test-NetConnection 10.1.0.6 -Port 80 -InformationLevel “Detailed”

You can check the below details to identify whether the TCP port 80 is opened between the remote server 10.1.0.6 and Windows 11 Client. The key components of the result are TcpTestSucceeded and NetToute.

The TCP Test Succeeded value should be True to confirm the TCP connection between remote server and client is successful. The UDP ports connectivity testing is not supported with this command line.

  • Computer Name : 10.1.0.6
  • RemoteAddress : 10.1.0.6
  • RemotePort : 80
  • NameResolutionResults : 10.1.0.6
    • cmmemcm.internal.cloudapp.net
  • MatchingIPsecRules :
  • NetworkIsolationContext : Internet
  • InterfaceAlias : Ethernet 2
  • SourceAddress : 10.1.0.12
  • NetRoute (NextHop) : 0.0.0.0
  • TcpTestSucceeded : True

Check Firewall Port is Open or Block on Windows 11 using PowerShell Command

Firewall Port Connectivity Troubleshooting with Route Diagnostics

You can perform route diagnostics to connect to a remote server from Windows 11 client using the Test-NetConnection command line. This is helpful to understand routing details from client to server. These types of information are useful for advanced network troubleshooting.

Related PostNetwork Trace Examples Microsoft RPC Remote Procedure Call

I used the following command to check the network route diagnostics between the remote server and Windows 11 client devices.

Test-NetConnection 10.1.0.6 -DiagnoseRouting -InformationLevel Detailed

RouteDiagnosticsSucceeded: True value gives you the confidence that network routing between remote server and Windows device is perfectly fine.

  • ComputerName : 10.1.0.6 RemoteAddress : 10.1.0.6
  • SelectedSourceAddress : 10.1.0.12
  • OutgoingInterfaceIndex : 6
  • SelectedNetRoute : DestinationPrefix: 10.1.0.0/24
    • NextHop: 0.0.0.0
  • DestinationAddressSelectionEvents :
  • RouteSelectionEvents :
  • SourceAddressSelectionEvents :
  • RouteDiagnosticsSucceeded : True

Firewall Port Connectivity Troubleshooting with Route Diagnostics

Troubleshoot Network Connectivity Issues on Windows 11

The entire blog post is intended to help with Troubleshooting Network Connectivity Issues on Windows 11. I see Netstat, Get-NetUDPEndpoint, and Get-NetTCPConnection commands are here to check and identify network-related issues. This helps to check what ports are open or blocked on Windows 11 PCs.

Network Connectivity Troubleshooting on Windows 11 using NetStat -ano commands from CMD; however, I would prefer to use PowerShell Commands such as Get-NetTCPConnection, Get-NetUDPEndpoint, etc.

You will need to use the Portqry.exe application to check whether the firewall port is open or blocked for the UDP port. The State is the important column in the results to understand whether the port is blocked or open.

There are four different states available for Windows 11 when using the Get-NetTCPConnection PowerShell command.

  • Listen – Shows the ports that are waiting to send an answer whenever a client – server program requests.
  • Bound – Show the ports that have transitioned out of time wait.
  • Established Internet – Show the posts that Established the connection to the internet.
  • Established – Show the ports that Established the connection without going to internet.

Troubleshoot Network Connectivity Issues on Windows 11

Conclusion Identify and Fix application connectivity issues

In this post, I tried to help you identify and Fix application connectivity issues on Windows 11 Device. First, we have checked the details of the Firewall application, and then we started checking the network connectivity between the remote server and Windows 11 client using the PowerShell command.

Firewall applications check on Windows 11 is important to isolate network or local Windows Firewall issues. In the scenario, you can disable the local Windows firewall application – Microsoft Defender to isolate the issue.

If this step didn’t help resolve the connectivity issue of your application, check firewall appliances placed in between the remote server and Windows 11 client. You can check this using many methods and command explained in the above section.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to see if Windows Firewall is blocking a port or program : Mashme.io




Mashme.io Team

Modified on: Mon, 3 Apr, 2023 at 9:01 AM

Details

The Windows Firewall is a built-in security application that comes with Windows OS since the beginning. The software is built to filter network data transmission to and from your Windows system.

The Firewall will block any suspicious and harmful connection depending on the threat level.

The users can configure the Windows Firewall settings as per their need to block or open port in Windows 10 and other versions. However, at times the Firewall may block ports or programs accidentally by user’s or administrator’s misconfiguration.

Problem Clarification

Firewall is blocking access to Mashme rooms or specific elements

Solution

Check for Blocked Port using the Command Prompt

  1. Type cmd in the search bar.
  2. Right-click on the Command Prompt and select Run as Administrator.
  3. In the command prompt, type the following command and hit enter.
    • netsh firewall show state
  4. This will display all the blocked and active port configured in the firewall.

How to check if Windows Firewall is blocking a program

  1. Press Windows Key + R to open Run.
  2. Type «control» and press OK to open Control Panel.
  3. Click on System and Security.
  4. Click on Windows Defender Firewall. 
  5. From the left panel Allow an app or feature through Windows Defender Firewall.
  6. In the allowed apps window, scroll through all the apps.
  7. Locate the app you want to review and see if the app is checked.
    • If it is unchecked, the app is blocked on the Firewall.
  8. If your program is blocked, simply check the app and click OK.

How do I check if Windows Firewall is blocking a port

  1. Press Windows Key + R to open Run.
  2. Type «control» and press OK to open Control Panel.
  3. Click on System and Security.
  4. Scroll down and open Administrative Tools
  5. In the Administrative Tools window, open Windows Defender Firewall with Advanced Security.
  6. Click on Actions and select Properties.
  7. Now select your preferred Profile (Domain, Private, Public).
  8. In the Logging section, click on the Customize button.
  9. Click on the drop-down menu for Log dropped packets: and select Yes.
  10. Take note of the pfirewall.log path in the Name section.
  11. Click OK to save the changes.
     
  12. Open File Explorer (Windows Explorer) and go to the path where the log file is saved.
    1. It should look something like this:
      • %systemroot%\system32\LogFiles\Firewall    (you can type %systemroot% in the location bar, and it will usually default you to c:\, which is the most common system root, and the usual log location is therefore: C:\Windows\System32\LogFiles\Firewall )
  13. Click on the pfirewall.log file and check for any blocked ports.



How to open a port in the Windows firewall

Interaction of programs on the network is carried out through network sockets. A socket consists of the computer’s IP address and port. In the Windows operating system, blocking and allowing access to ports is controlled by its own firewall, called «Windows Firewall». Many programs during the installation process are able to create the necessary rules for forwarding their ports in the firewall. But if this did not happen, then you need to create such rules yourself.

First of all, you need to find out the port number through which the program communicates. If the port is known, then you can start configuring the firewall. Otherwise, you will have to find out which network port the program used for its needs. How to do this can be found in the article «How to find out which port a program is using».

To open a port in Windows Firewall, you need to open Windows Defender Firewall Monitor and create an inbound rule that specifies the protocol type and port number of the network connection.

The firewall has the ability to allow all network connections for a specific program. Thus, there is no need to forward ports for it.

1. Open Windows Firewall Monitor.

The fastest way to open the Windows Firewall settings is to press and type wf.msc .

2. Select the «Inbound Rules» item, then the «Create Rule» action.

3. Rule type — «For port».

In total, 4 types of settings are available in the Firewall Rule Wizard:

  • forward through the firewall all the ports of this program;
  • For a port — open only specified ports, and it doesn’t matter which program uses them;
  • Predefined — A set of predefined rules for specific Windows 9 services and programs0032
  • Configurable — more complex and detailed setting of the rules, with the ability to specify the network protocol, port, program and network segment.

4. Specify the protocol and port numbers.

In addition to the port number, at this step you must select the transport protocol — TCP or UDP. But if you do not know what protocol the program uses, then it is better to clarify this point using the command line and the netstat -aon command, or the special TCPView and CurrPorts utilities.

In most cases, Windows programs use TCP as the transport protocol.

If there are several ports, they are separated by commas. Port range, for example, all ports from 5000 to 5010 — separated by a hyphen.

5. Action — Allow connection.

The «Allow connections» action allows absolutely all network connections to this port — this option is relevant in most cases.

Selecting the second option «Allow secure connection» will open the port only for VPN (virtual private network) connections based on the IPSec protocol.

6. Specify the profiles to which the rule applies.

By default, all profiles are selected and it is better not to change anything here, as there may be situations when the network profile is automatically changed to another one and after that the port becomes unavailable.

7. Rule name

Here you need to specify any rule name you understand. The simplest and most understandable option is when the program name and port number are used, for example: Radmin port 4899.

Check the list of rules for incoming connections, it must contain the created rule.

Many s simply disable the firewall to make things easier for themselves. Thus, all ports of the computer are open and there is no more torment with port forwarding. But this is wrong : in this situation, the operating system is completely open to network threats . If a virus enters the network on one of the computers, then all other devices with the firewall turned off will be instantly affected.

How to open ports in Windows and see the list of open ports

If a program or game requires a connection through a specific port, it may turn out that by default in the system this port is closed and the connection is not made. If necessary, ports in Windows 11, Windows 10 and previous versions of the system are relatively easy to open.

This guide details how to open ports in Windows 11 or Windows 10, see a list of open ports, and additional information that may come in handy if you still have problems connecting.

Opening ports in the Windows Firewall

The main way to open ports in Windows 11 and 10 is to configure the appropriate rules in the firewall.

First, open Windows Settings with Advanced Security. You can use the following methods to do this:

  • press the Win+R keys on your keyboard and type wf.msc into the Run window, then press Ener.
  • Use search in the taskbar.
  • In the Control Panel, open the «Windows Defender Firewall» item, and in it, in the left panel, select «Advanced Options».
  • In the Windows Security window, open Firewall and Network Security and click Advanced Options on the next settings screen.

The next step is to configure the rules for the required ports:

  1. Right-click on Inbound Rules and select New Rule from the context menu.
  2. In the Rule Wizard, select For Port and click Next.
  3. Select the protocol type — TCP or UDP (if you do not know the type you need, check the help for the specific program).
  4. Specify ports: a specific port or a range of ports, you can use commas to list multiple ports, or a hyphen to specify a range of them. Click next.
  5. Select «Allow connection».
  6. Specify which types of networks (network profiles) to open ports for.
  7. Enter a name for the rule and optionally a description. Then click the «Finish» button.
  8. Follow steps 1-7 for outgoing connection.

Done, the port is open and, if something else does not interfere with its operation, connections should be established.

Possible problems and additional actions required

If you have opened the required ports in Windows, but despite this connection is not established, you should consider, check or take the following actions:

  • VPN may affect the inability to communicate on certain ports. Solution: disable VPN, or see if there is an option to open ports in the VPN software.
  • Routers have their own firewall/firewall functions and ports may need to be opened (forwarded) in the router settings as well. Depending on the brand and model of the Wi-Fi router, this is done in different sections: port forwarding, firewall, firewall, virtual servers. The configuration logic is the same everywhere: usually the same external port and internal port (the port you need) are added, the internal IP is indicated (the local IP of the computer to which you need to forward the port), the protocol type is TCP or UDP, sometimes you need to specify an interface, for connections from the «external network» — WAN.
  • If the application itself is blocked in the firewall, it will not be able to establish connections: you can add rules to allow connections for the program in the same way that it was done above for ports.
  • The presence of third-party firewalls and antiviruses with network protection functions can also affect the ability to establish connections on certain ports: you should check their settings, if such software is available, in order to open the corresponding ports or disable protection for them.

How to see open ports in Windows and which programs use them

Many ports are constantly open in Windows, which are required for the operation of system services, programs (including third-party ones), browsers. You can view the list of open ports in one of the following ways:

  1. Launch a command prompt and enter the command (ports are listed after the colon in the IP address) 
     netstat -a
  2. If you want to see which processes are using certain ports, use the command (requires running as administrator) 
     netstat -ab
  3. To view open ports by process ID (PID) (by which a specific process can be seen in Task Manager): 
     netstat -aon
  4. There are third-party programs that allow you to get information about open ports and the processes using them, for example, the free NirSoft CurrPorts.

A list of «standard» and most commonly used ports is available on Wikipedia, but many games and programs may use their own unlisted ports to work.