Logging for Windows Firewall

If you are ever unsure about whether Windows Firewall is blocking or allowing traffic, you should enable logging, re-create the problem you’re having, and then examine the log files.


1. Right-click Windows Firewall with Advanced Security.
2. Select Properties.
3. Click Customize.
4. Enable logging by selecting Yes from the drop-down lists.
5. Click OK.
6. Logging should be enabled on all profiles.
7. Click OK to finish.

The output is written to the Windows Firewall log.

In most production environments, this log will be written to almost constantly, which could affect system performance. You should enable logging only when actively troubleshooting a problem and then immediately disable logging when you’re done.
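Once the problem has been re-created, the log can be summarized rather than read line by line. The following is an added example, not part of the original lesson: it parses the log using the column names in its own "#Fields:" header and counts dropped packets. The sample log text is constructed, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the W3C-style layout Windows Firewall writes to its log
# (header lines start with '#', '-' marks an empty field). Not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 10:15:02 ALLOW TCP 192.0.2.10 198.51.100.7 49712 443 0 - 0 0 0 - - - SEND
2024-05-01 10:15:04 DROP TCP 198.51.100.23 192.0.2.10 51844 8080 52 S 1234567 0 64240 - - - RECEIVE
2024-05-01 10:15:05 DROP TCP 198.51.100.23 192.0.2.10 51845 8080 52 S 1234999 0 64240 - - - RECEIVE
2024-05-01 10:15:09 DROP UDP 192.0.2.44 192.0.2.255 137 137 78 - - - - - - - RECEIVE
2024-05-01 10:15:11 DROP ICMP 192.0.2.44 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
truncated line
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the '#Fields:' header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif not line or line.startswith("#") or fields is None:
            continue
        else:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partial lines
                yield dict(zip(fields, values))


def summarize_drops(records):
    """Count dropped packets per (path, protocol, dst-port, src-ip)."""
    drops = Counter()
    for r in records:
        if r["action"] == "DROP":
            key = (r.get("path", "-"), r["protocol"], r["dst-port"], r["src-ip"])
            drops[key] += 1
    return drops


if __name__ == "__main__":
    summary = summarize_drops(parse_firewall_log(SAMPLE_LOG))
    for (path, proto, port, src), n in summary.most_common():
        print(f"{n:3d}  {path:8} {proto:5} dst-port={port:6} from {src}")
```

To use it on a real log, read the file named in the Customize dialog and pass its contents to parse_firewall_log in place of SAMPLE_LOG.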

Identifying Network Communications

If you use Port firewall rules or if you need to configure a network firewall that can identify communications based only on port number, and the application’s documentation does not list the firewall requirements, then you can examine the application’s behavior to determine the port numbers in use.

The simplest tool to use is Netstat. On the server, run the application, and then run the following command to examine which ports are listening for active connections:

    netstat -a -b