Best firewall settings for network access - Windows 10

I am using a SurfacePro 3 with Windows 10. As many others have found, the wireless access stability for Windows 10 is pretty fragile. Some advice has suggested this can be made better by adjusting the Firewall rules. I opened the app Windows Firewall with Advanced Security. This is a very dense set of options, calling for a lot of knowledge about network access and security.

Does anyone have advice about how to choose optimal settings for public and private networks, and networks accessed through a domain? I am concerned that I have reduced security somewhat on public networks because in order to get the network to work at all I had to enable a number of access rules that the default settings set only for private networks.

Domain especially is causing me problems, because I work in 2 research libraries, and think that my network problems (no access, even when the network is recognised and saved) in them may be caused by domain issues. When I come home after trying to resolve the issues in the libraries, my home network falls over several times before settling down and working properly. To achieve this I need to do many restarts, and network adapter troubleshoots. It's frustrating and unproductive.

Answer

Windows Firewall uses the best options for out of box setup by default.  You may need to poke holes as needed to allow for special network communications.

As an example, take File and Printer Sharing.  By default this rule set is disabled out of box.  You can enable the rule either directly by using the firewall UI, or indirectly by just creating a file share.  Again by default, Windows Firewall opts for Security, so the default is to only enable the rule for Private (or Domain if domain joined).  This makes the rule most restrictive.  It would likely make sense for you to allow this for private (i.e. your home network) as well if you are domain joined.  This rule is unlikely needed for Public (i.e. Starbucks).  You'll need to make the same determinations for other incoming traffic.  If the traffic is initiated by the host, Windows Firewall by default does not block this, and maintains state so you don't need to explicitly open holes for responding traffic.

The essential services for the OS already have rules which allow their communication (DNS, DHCP, etc.).  As an experiment, I'd be interested to know if you move from the Work network, and then to your home network, if you turned off the firewall when you connect to the home network if the problem you describe is eliminated (do this at your own risk of course, and don't forget to turn the firewall back on).  If the issue is still present, then I'd be led to believe the issue is not firewall related, but some of the network services.

You can also dump out what your interface is classified as using PowerShell:

PowerShell.exe Get-NetConnectionProfile; Pause;

Name             : ntdev.corp.microsoft.com
InterfaceAlias   : Ethernet
InterfaceIndex   : 3
NetworkCategory  : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : Internet

Hope this guidance helps.

Dusty Harper [MSFT]

7 people found this reply helpful
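
An added example, not part of the original reply: a PowerShell audit that shows how each connected network is classified and which enabled inbound allow rules currently apply on Public networks, then previews limiting the File and Printer Sharing group to Domain and Private. It assumes an elevated session and an English-language system, where the rule group is displayed as "File and Printer Sharing".

```powershell
# Added example (not from the original thread). Run from an elevated PowerShell prompt.

# 1. How has Windows classified each connected network (Public, Private, DomainAuthenticated)?
Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, NetworkCategory

# 2. Is the firewall on for every profile, and what is the default action for inbound traffic?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Helper: true when a rule applies on Public networks (profile "Any" includes Public).
function Test-AppliesToPublic {
    param($Rule)
    $profileText = $Rule.Profile.ToString()
    return ($profileText -eq 'Any' -or $profileText -match 'Public')
}

# 3. Enabled inbound allow rules that are active on Public networks.
#    Rules you switched on while troubleshooting will show up here.
$publicRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { Test-AppliesToPublic $_ }

$publicRules |
    Sort-Object DisplayGroup, DisplayName |
    Format-Table DisplayGroup, DisplayName, Profile -AutoSize

# 4. Preview restricting File and Printer Sharing to Domain and Private only.
#    The group name is an assumption (English display name); adjust for other locales.
$group = 'File and Printer Sharing'
$exposed = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and (Test-AppliesToPublic $_) }

if ($exposed) {
    # -WhatIf only prints what would change; remove it to apply the change.
    $exposed | Set-NetFirewallRule -Profile Domain, Private -WhatIf
} else {
    Write-Output "No enabled '$group' rules apply to the Public profile."
}
```

The same step 4 pattern works for any other rule group listed in step 3 that does not need to accept inbound traffic on a Public network.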


Question Info


Last updated November 29, 2020 Views 8,480 Applies to: