PowerShell Script: Windows Firewall Configuration and Management

Efficiently manage and secure Windows systems with this PowerShell script, automating the creation and management of firewall rules for IT admins and security teams.

Introduction & Purpose

This PowerShell script is an essential tool for IT administrators, security teams, and MSPs to efficiently manage and configure Windows Firewall settings. Automate the creation of inbound and outbound firewall rules, enable or disable the firewall, and secure your systems against unauthorized access. This guide provides a detailed breakdown of the commands and best practices for network security.

The Script

# -----------------------------------------------------------------------------
# Script Name: Configure-WindowsFirewall.ps1
# Description: Automates the creation and management of Windows Firewall rules.
# Author: Zecurit Team
# Date: August 14, 2025
# -----------------------------------------------------------------------------

# Section 1: Enable the Windows Firewall
# This command ensures the firewall is active on all network profiles (Domain, Public, Private)
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled True

# Section 2: Create a new inbound rule for Remote Desktop (RDP)
# This rule allows inbound RDP connections on TCP port 3389, a common task for remote administration.
New-NetFirewallRule -DisplayName "Allow RDP" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow

Detailed Breakdown

Command
    Description

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
    Ensures the firewall is enabled for all network profiles.

New-NetFirewallRule -DisplayName "Allow RDP" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow
    Allows inbound RDP connections on TCP port 3389.

New-NetFirewallRule -DisplayName "Block Malicious IP" -Direction Outbound -RemoteAddress 192.168.1.100 -Action Block
    Blocks outbound connections to a specific IP address.

New-NetFirewallRule -DisplayName "Allow Web Traffic" -Direction Inbound -Protocol TCP -LocalPort 80,443 -Action Allow
    Allows inbound web traffic on the HTTP and HTTPS ports.

Remove-NetFirewallRule -DisplayName "Allow RDP"
    Demonstrates how to remove a rule by its display name.

Get-NetFirewallRule | Select-Object DisplayName, Enabled, Direction, Action, Profile
    Lists the existing firewall rules with their key properties.
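The commands above create rules unconditionally and open RDP from any address on every profile. The following is an added example (not the Zecurit script) showing how the same rules can be applied idempotently and with tighter scope: it skips rules that already exist, restricts RDP to a management subnet on the Domain profile, and verifies the result including the address and port filters that Get-NetFirewallRule alone does not display. The helper function name and the 10.0.0.0/24 subnet are assumptions; the cmdlets are the standard NetSecurity module ones.

```powershell
# Added example (not the Zecurit script): idempotent, scoped rule management.
# Assumes a Windows host with the NetSecurity module (Windows 8 / Server 2012 or later)
# and an elevated PowerShell session.
#Requires -RunAsAdministrator

# Hypothetical management subnet; replace with your own.
$AdminSubnet = '10.0.0.0/24'

# Hypothetical helper: create a rule only if no rule with that display name exists.
function Set-FirewallRuleIfMissing {
    param(
        [Parameter(Mandatory)] [string]    $DisplayName,
        [Parameter(Mandatory)] [hashtable] $RuleParams
    )
    $existing = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Verbose "Rule '$DisplayName' already exists; leaving it in place."
        return $existing
    }
    New-NetFirewallRule -DisplayName $DisplayName @RuleParams
}

# 1. Enable the firewall on every profile and block unsolicited inbound traffic by default.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# 2. RDP: allow only from the admin subnet and only on the Domain profile,
#    instead of from any address on every profile.
Set-FirewallRuleIfMissing -DisplayName 'Allow RDP (admin subnet)' -RuleParams @{
    Direction     = 'Inbound'
    Protocol      = 'TCP'
    LocalPort     = 3389
    RemoteAddress = $AdminSubnet
    Profile       = 'Domain'
    Action        = 'Allow'
}

# 3. Web server ports, as in the breakdown table.
Set-FirewallRuleIfMissing -DisplayName 'Allow Web Traffic' -RuleParams @{
    Direction = 'Inbound'
    Protocol  = 'TCP'
    LocalPort = 80, 443
    Action    = 'Allow'
}

# 4. Verify: show the managed rules together with their port and address filters.
Get-NetFirewallRule -DisplayName 'Allow RDP (admin subnet)', 'Allow Web Traffic' | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        Action        = $_.Action
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```

Running the script twice leaves a single copy of each rule, which matters when it is scheduled across many endpoints; the final table is what an auditor would check to confirm that the RDP rule is scoped as intended.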

Potential Use Cases

Here are some potential use cases:

  • Automating firewall settings in corporate environments.
  • Enforcing security measures by blocking unauthorized access to the network.
  • Allowing only designated applications or services to communicate over the network.
  • Preventing cyber threats by blocking harmful IP addresses.
  • Implementing secure policies for remote access.

Implications & Considerations

  • Security Risks: If your firewall rules are misconfigured, it could leave your system vulnerable to security threats.
  • Compliance: It's crucial to make sure your firewall settings meet all regulatory requirements.
  • Application Impact: Blocking certain ports might disrupt how applications function.
  • Testing: Always test any changes to your firewall in a non-production environment before rolling them out.

Recommendations

  • Regularly review and update your firewall rules to keep up with evolving security needs.
  • Enable firewall logging and regularly review the active rule set (Get-NetFirewallRule -PolicyStore ActiveStore) to monitor and audit firewall activity.
  • Pair this script with Group Policy for a more centralized approach to firewall management.
  • Implement PowerShell execution policies to block unauthorized script execution.
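The logging recommendation above is only useful if logging is actually switched on and someone reads the log. This added example (not the Zecurit script) enables logging of dropped packets on all profiles, confirms the setting, and summarises the top sources of dropped inbound connections from the log file. The function name is an assumption; the log path is the Windows default and the field layout is the one written in the file's #Fields header.

```powershell
# Added example (not the Zecurit script): enable firewall logging and
# summarise dropped inbound connections. Assumes an elevated session.
#Requires -RunAsAdministrator

# Windows default log location; the firewall expands the environment variable itself.
$LogPath = '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 1. Log dropped packets on all profiles. Logging allowed packets too is possible
#    (-LogAllowed True) but produces far more volume.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -LogBlocked True -LogAllowed False `
    -LogFileName $LogPath -LogMaxSizeKilobytes 32767

# 2. Confirm the setting took effect on every profile.
Get-NetFirewallProfile | Select-Object Name, Enabled, LogBlocked, LogAllowed, LogFileName

# 3. Summarise the log. Record lines carry these space-separated fields:
#    date time action protocol src-ip dst-ip src-port dst-port size tcpflags
#    tcpsyn tcpack tcpwin icmptype icmpcode info path   (path is SEND or RECEIVE)
function Get-FirewallDropSummary {
    param([string] $Path = [Environment]::ExpandEnvironmentVariables($LogPath))
    Get-Content -Path $Path |
        Where-Object { $_ -match '^\d{4}-\d{2}-\d{2} ' } |   # skip the '#' header lines
        ForEach-Object {
            $f = $_ -split '\s+'
            [pscustomobject]@{
                Action   = $f[2]
                Protocol = $f[3]
                SrcIP    = $f[4]
                DstPort  = $f[7]
                Path     = $f[-1]
            }
        } |
        Where-Object { $_.Action -eq 'DROP' -and $_.Path -eq 'RECEIVE' } |
        Group-Object SrcIP, DstPort |
        Sort-Object Count -Descending |
        Select-Object Count, Name -First 10
}

Get-FirewallDropSummary
```

The summary groups drops by source address and destination port, so a single host repeatedly hitting a closed port stands out; feed the same output into your SIEM or a scheduled report rather than reading it by hand.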

By using this script, administrators can effectively manage firewall settings and boost security across Windows devices.

Deploy this script across your Endpoints with Zecurit

Upload this script to Zecurit's Script Repository and execute it across hundreds of endpoints in minutes. Support for PowerShell, Bash, Python, and more with full audit trails and scheduling.

Frequently Asked Questions (FAQs)