How to Set Up a Firewall on a Windows Server

A firewall is a crucial component of computer security that acts as a barrier between your network and external networks. At the operating-system level, a firewall acts as a first line of defense against malicious attacks and unauthorized access. Every Windows operating system comes with a built-in firewall known as Windows Defender Firewall, which enables users to manage inbound and outbound connections based on specific rules.

 

Whether you are a system administrator protecting your organization’s infrastructure or an individual securing your personal computer, knowing how to configure and manage a firewall on Windows is essential for maintaining a safe network environment.

 

First, let’s create a firewall on Windows Server using Windows Defender Firewall to control inbound and outbound network traffic.

 

How to create a Windows server in Kamatera

  1. Enter your credentials to access the Kamatera management console and click Login.

Kamatera console screenshot

 

2. Navigate to My Cloud on the left-hand side and select Servers. In the left-hand navigation menu, click Create New Server, or use the Create New Server button on the right-hand side.

Kamatera console screenshot

 

3. Choose zone:

Choose the zone according to your requirements.

Depending on the zone you select, the available countries will be displayed. 

Note: For this setup, we used the Asia server domain for the Windows Server.

 

Kamatera console screenshot

 

4. Choose an image:

Kamatera offers a variety of app and server images to help users set up preconfigured resources. Users can explore options such as:

 

5. Choose server OS images and select Windows server.

 

6. In “Choose Version,” select the latest version of Microsoft Windows Server (2022_standard 64-bit). 

 

7. Upon selecting the version, the license prices are displayed.

 

 

8. Toggle the Detailed view button to ‘ON’ to view the detailed description, including the price.

9. Choose Server Specs:

Note: Type- B (General), CPU- 2, RAM- 8 GB, SSD DISC#1- 80 GB are selected.

Toggle the “Daily Backup and Management Services” button to ‘ON’ according to your requirements.

Field Description
Type Type B-General Purpose: Server CPUs are assigned to a dedicated physical CPU thread with reserved resources guaranteed.

Type D-Dedicated: Server CPUs are assigned to a dedicated physical CPU core (2 threads) with reserved resources guaranteed.

Type T-Burst: Server CPUs are assigned to a dedicated physical CPU thread with reserved resources guaranteed. Exceeding an average usage of 10% incurs an extra charge for CPU usage.

Type A-Availability: Server CPUs are assigned to a non-dedicated physical CPU thread with no resources guaranteed.

Note: More information on CPU types is available on the My Cloud- Pricing page.

CPU Choose the number of vCPUs that will be installed on the server. Type B/T can be configured with up to 104 vCPUs per server (based on Intel’s latest Xeon Processors, 2.7 GHz+).
RAM Choose the amount of RAM that will be installed on the server. Type B/T/D can be configured with up to 512GB RAM per server. 
SSD DISK Choose the SSD storage size. You can add up to 15 SSD disks. SSD storage includes unlimited IOPS and unlimited storage bandwidth, free of charge.
Daily Backup Toggle the switch to enable extended daily backups of your server’s storage to external backup storage.
Management Services Toggle the switch to enable Management Services to the server’s operating system by Kamatera Technical Support Team.

 

10. Choose networking:

 

Simple mode:

 

Kamatera console screenshot

 

Field Description
Public Internet Network Check to connect the server to a network interface connected to Public Internet Network.
Private Local Network Check to connect the server to a network interface connected to Private Local Network.

 

  Advanced mode:

 

 

Field Description
NIC #1 Select WAN from the options available in the drop-down menu.

  • WAN
  • LAN
  • New LAN

Select auto from the options available in the drop-down menu. 

  • Auto
  • Network

Select auto from the options available in the drop-down menu.

  • Auto 
  • IP
WAN Traffic       Select 5000 GB per month/ on 10 Gbit per second port.

 

11. Advanced configuration:

Click “Hide” to hide the advanced configuration. Click “Show” to see the advanced configuration.

 

 

Field Description
Install Script Enter the script to execute once the server is created.

Note: For Windows systems, use PowerShell.

Keep Server On Failure      Do not terminate server if start up script or provisioning fails.
Server Notes Enter any server notes to be noted.
Tags Select the Tags from the drop-down menu and click Add.

 

 

12. Finalize settings:

Finalize settings by setting the password, re-validating it, selecting the number of servers, specifying the server’s name, and enabling the Power On Servers option.

 

 

Field Description
Password Select password 

Allowed password characters: a-z, A-Z, 0-9, !@#$^&*()~. The password must meet the following requirements:

  • At least 14 characters
  • At most 32 characters
  • At least one lowercase character
  • At least one upper case character
  • At least one number
  • Includes allowed characters only
Validate Re-enter the password to validate.
Servers Select the number of servers the user wants.
Name # 1 Enter the name of the server.
Power On Servers     Switch on the toggle button to see the details

 

13. Billing cycle and pricing:

Once the user enters the details in Finalize Settings, they can select either the Monthly Billing Cycle or Hourly Billing, depending on their requirements. 

After choosing the billing cycle, click on “Create Server.”

 

Note: The Server Summary displays the location, operating system (including server specifications), add-on services, servers, and pricing.

 

14. The server will be added to the Tasks Queue.

 

15. Once the server is created, you will see the status as success. The server will appear under Server Management.

Click Open, and a new screen will open.

 

 

16. On the right side, the overview of the Windows Server that you just created is displayed.  Click CONNECT and a new screen will open.

 

17. In the new screen, under the “Connection Credentials” section: Connection Type, Username and Password are displayed.  In the Remote Console section, click Open Remote Console.  

 

Kamatera console screenshot

 

18. A new tab opens, connecting to the new server and displaying the Server Manager Dashboard. 

 

Open Server Manager in Windows Server

  1. In Windows Server, open Server Manager.

 

 

2. Go to Tools -> Windows Defender Firewall with Advanced Security.

Windows server manager screenshot

 

3. A new screen will open. On the left pane, you will see:

Inbound Rules: Controls traffic that is allowed to enter the server.

Outbound Rules: Controls traffic that is allowed to leave the server.

Connection Security Rules: Configures IPsec to secure traffic.

Monitoring: Refers to tracking and reviewing the traffic and rules in your firewall configuration.

 

 

4. Select Inbound Rules, if you want to control incoming traffic. In the middle pane, look for rules with the specific port number under the Local Port or Remote Port fields to see if they are allowed or blocked. If the port is not listed, you can create a rule to test whether it can pass traffic. 

5. Select Outbound Rules, if you want to control outgoing traffic. In the middle pane, look for rules with the specific port number under the Local Port or Remote Port fields to see if they are allowed or blocked. If the port is not listed, you can create a rule to test whether it can pass traffic. 

6. Once you click on Inbound rules or Outbound Rules, you will see the Actions pane on the right. Select New Rule.

 

7. The New Inbound Rule Wizard opens. Select the type of firewall rule you want to create (Program, Port, Predefined, or Custom).

Program: Controls traffic for specific applications.

Port: Controls traffic on a specific port.

Predefined: Controls connections for a Windows experience.

Custom: Used for more granular traffic control.

 

8. For demonstration purposes, we will select Port.

Click Next.

Follow the on-screen instructions and fill in the required information.

 

 

9. Select TCP or UDP.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are 2 primary protocols for transmitting data over the Internet and other networks. Here, TCP is selected. 

Select All local ports or Specific local ports.

Select Specific local ports and enter the port numbers or port range.

Here 443, 80 are entered.

Click Next.

 

 

10. Select Allow the connection, Allow the connection if it is secure, or Block the connection depending on your requirements.

Here, Allow the connection is selected. Click Next.

 

 

11. Check all the boxes next to Domain, Private, and Public.

Click Next.

 

 

12. Assign a name to the rule and description (optional). 

Click Finish.

 

 

13. The rule is activated immediately and controls traffic according to its conditions. In the middle pane, you will see the rule Ports 443, 80 for Snagit displayed.
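
The same rule can be created and checked from an elevated PowerShell session. The script below is an added example, not part of the original tutorial; the rule name and description are placeholders, and the cmdlets come from the built-in NetSecurity module. It also lists enabled inbound block rules on the same ports, because in Windows Defender Firewall a block rule takes precedence over an allow rule.

```powershell
# Added example: scripted equivalent of wizard steps 7-12 (run as Administrator).
# The rule name is a placeholder chosen for this example.
$ruleName = 'Example - Allow inbound TCP 80,443'
$ports    = '80', '443'

# Create the rule only if it does not exist yet, so the script can be re-run safely.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $ruleName `
        -Description 'Allow inbound HTTP/HTTPS (example)' `
        -Direction Inbound `
        -Protocol TCP `
        -LocalPort $ports `
        -Action Allow `
        -Profile Domain, Private, Public
}

# Show what the firewall will enforce for this rule.
$filter = $rule | Get-NetFirewallPortFilter
[pscustomobject]@{
    Name      = $rule.DisplayName
    Enabled   = $rule.Enabled
    Direction = $rule.Direction
    Action    = $rule.Action
    Profile   = $rule.Profile
    Protocol  = $filter.Protocol
    LocalPort = @($filter.LocalPort) -join ','
} | Format-List

# Enabled inbound block rules that cover the same ports would override the allow rule.
# Only exact port numbers and 'Any' are matched here; port ranges are not expanded.
Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True | ForEach-Object {
    $f   = $_ | Get-NetFirewallPortFilter
    $hit = @($f.LocalPort) | Where-Object { $_ -eq 'Any' -or $_ -in $ports }
    if ($f.Protocol -in 'TCP', 'Any' -and $hit) {
        [pscustomobject]@{
            BlockRule = $_.DisplayName
            Protocol  = $f.Protocol
            LocalPort = @($f.LocalPort) -join ','
        }
    }
}
```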

 

 

14. To check whether the inbound rule Ports 443, 80 for Snagit is working, test the connection using the methods below.

 

15. Use Windows PowerShell to test:

 

Open PowerShell and click Run as Administrator.

Type the command below to check if Port 80 is open or not.

 

Command: Test-NetConnection -ComputerName localhost -Port 80

 

If Port 80 is open: you will get TcpTestSucceeded: True in the output.

If Port 80 is blocked: you will get TcpTestSucceeded: False in the output.
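
TcpTestSucceeded is True only when a process is actually listening on the port, so a False result does not by itself mean the firewall rule is wrong. The following added example (not from the original tutorial; the function name Get-PortDiagnosis is made up for this illustration) reports the listener, the matching allow rules, and the test result side by side for ports 80 and 443.

```powershell
# Added example: explain a Test-NetConnection result for each port.
# Run in an elevated PowerShell session on the server itself.
function Get-PortDiagnosis {
    param([int[]]$Port = @(80, 443))

    foreach ($p in $Port) {
        # A TCP connect can only succeed if some process is listening on the port.
        $listener = Get-NetTCPConnection -State Listen -LocalPort $p -ErrorAction SilentlyContinue |
            Select-Object -First 1
        $process = if ($listener) {
            (Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        } else { $null }

        # Enabled inbound allow rules that name this port explicitly
        # (port ranges and 'Any' are not expanded in this example).
        $allowRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
            Where-Object { @(($_ | Get-NetFirewallPortFilter).LocalPort) -contains "$p" } |
            Select-Object -ExpandProperty DisplayName

        $test = Test-NetConnection -ComputerName localhost -Port $p -WarningAction SilentlyContinue

        [pscustomobject]@{
            Port             = $p
            Listening        = [bool]$listener
            Process          = $process
            AllowRules       = $allowRules -join '; '
            TcpTestSucceeded = $test.TcpTestSucceeded
        }
    }
}

Get-PortDiagnosis | Format-Table -AutoSize
```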

 

Windows PowerShell screenshot

 

16. Use your browser to test:

Type http://localhost in the address bar and press enter.

If the port is open and your rule is working, you will see a web page. Otherwise, you will see the error message “This site can’t be reached.”

 

Internet Information Services screenshot

 

17. Use Telnet to test:

Select Turn Windows features on or off.

 

Windows PowerShell screenshot

 

Open Server Manager. Click on Manage in the top-right corner and select Add Roles and Features.

 

Server manager dashboard

 

In the Add Roles and Features wizard, click Next.

 

Add Roles and Features Wizard screenshot

 

In the installation type window, select Next.

 

Add Roles and Features Wizard screenshot

 

In the Server Selection window, select Next.

 

Add Roles and Features Wizard screenshot

 

In the Select Server roles window, click Next.

 

Add Roles and Features Wizard screenshot

 

In the Select Features window, check the box next to Telnet Client and then click Next.

 

Add Roles and Features Wizard screenshot

 

Click Install.

 

 

Once the feature installation is complete, click Close.

 

 

 

Type the command below and press Enter.

 

Command: telnet 

 

If the installation is successful, you will see the Telnet prompt (Microsoft telnet>) and you can start using Telnet to connect to remote servers.

 

Administrator: Command Prompt - telnet

 

Command: telnet localhost 80

If the port is open and correctly configured, you will see a blank screen indicating connection is established. Otherwise, you will see the message “Could not open connection to the host”.

 

18. Check the Firewall logs to test:

If the Windows Firewall Logging is not already enabled, open Windows Defender Firewall with Advanced Security.

 

Windows Defender Firewall screenshot

 

Copy the Default path for the log file. Click OK.

 

Customize Logging Settings for the Domain Profile screenshot

 

Open the log file in Notepad or any other text editor and check for the entries related to Ports 443 and 80. This will show whether traffic is allowed or blocked on Ports 443 and 80.

 

 

Use tools such as ping or Telnet to test how the firewall handles connections.

If ping is blocked, you will see a DROP entry in the logs.

If Telnet fails, check the logs to determine whether the traffic is blocked.
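
The log can also be enabled and read from PowerShell. This added example is not part of the original tutorial: Get-FirewallLogSummary is a hypothetical helper name, the log lines are constructed samples in the pfirewall.log layout, and the path shown is the Windows default.

```powershell
# Added example: enable allow/drop logging, then summarize entries for ports 80 and 443.
# Uncomment on the server (elevated session); the path is the Windows default location.
# Set-NetFirewallProfile -Profile Domain, Private, Public -LogAllowed True -LogBlocked True `
#     -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'

function Get-FirewallLogSummary {
    param([string[]]$Line, [int[]]$Port = @(80, 443))

    # Column names come from the "#Fields:" header at the top of the log.
    $header = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($header -replace '^#Fields:\s*', '') -split '\s+'

    $Line | Where-Object { $_ -and $_ -notlike '#*' } | ForEach-Object {
        $values = $_ -split '\s+'
        $entry  = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $entry[$fields[$i]] = $values[$i]
        }
        [pscustomobject]$entry
    } | Where-Object { $_.protocol -eq 'TCP' -and [int]$_.'dst-port' -in $Port } |
        Group-Object action, 'dst-port' |
        Select-Object Count,
            @{ n = 'Action';  e = { $_.Group[0].action } },
            @{ n = 'DstPort'; e = { $_.Group[0].'dst-port' } }
}

# Constructed sample lines (documentation-range addresses), so the parser runs anywhere.
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-01 10:00:01 ALLOW TCP 203.0.113.10 192.0.2.5 50111 80 0 - 0 0 0 - - - RECEIVE
2024-01-01 10:00:02 ALLOW TCP 203.0.113.10 192.0.2.5 50112 443 0 - 0 0 0 - - - RECEIVE
2024-01-01 10:00:03 DROP TCP 203.0.113.11 192.0.2.5 50113 3389 52 S 123456 0 64240 - - - RECEIVE
2024-01-01 10:00:04 DROP ICMP 203.0.113.11 192.0.2.5 - - 60 - - - - 8 0 - RECEIVE
'@ -split "`r?`n"

Get-FirewallLogSummary -Line $sample

# On the server, read the real log instead of the sample:
# Get-FirewallLogSummary -Line (Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")
```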

And that’s it! You have successfully created a firewall on your Kamatera cloud server.

 
