Manage the Windows instance firewall


Windows Firewall is a built-in security tool in Windows that controls inbound and outbound network traffic for your instance to prevent unauthorized access and malicious intrusions. If firewall rules block external access, you may be unable to remotely connect to the instance. This topic shows you how to manage the Windows system firewall. You can enable, configure, or disable the system firewall to meet your remote access needs.

Check the firewall status

Check the firewall's current status to decide whether to enable or disable it.

  1. Log on to the Windows instance using VNC. For more information, see Connect to an instance by using VNC.

  2. Select Start > Control Panel.

  3. Set View by to Small icons, and then click Windows Defender Firewall.

    Note

    The option name may vary depending on the Windows version. If the Windows Defender Firewall option is unavailable, select Windows Firewall.

  4. In the Windows Defender Firewall window, click Advanced settings.

  5. In the Overview section of the Windows Defender Firewall with Advanced Security window, view the current firewall status.

    Note

    When you enable or disable the firewall, apply the same setting to the domain profile, private profile, and public profile for consistency. When checking the firewall status, verify that the firewall status is the same across all three profiles. If the statuses differ, follow the instructions in the next section to synchronize them.

Enable or disable the firewall

Enable or disable the firewall based on your requirements. If you enable the firewall, you must also configure firewall rules.

Enable firewall

When enabled, the firewall monitors and controls network traffic for your instance based on its configured rules.

  1. In the Windows Defender Firewall with Advanced Security window, click Windows Defender Firewall Properties.

    Note

    To open the Windows Defender Firewall with Advanced Security window, see Check the firewall status.

  2. Select On (recommended), and then click Apply.

    Note

    Enable the firewall for the domain profile, private profile, and public profile.

Disable firewall

When disabled, the firewall no longer controls network traffic for the instance.

  1. In the Windows Defender Firewall with Advanced Security window, click Windows Defender Firewall Properties.

    Note

    To open the Windows Defender Firewall with Advanced Security window, see Check the firewall status.

  2. Select Off, and then click Apply.

    Note

    Disable the firewall for the domain profile, private profile, and public profile.
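The status check and the enable/disable procedures above can also be done from an elevated PowerShell session on the instance. The following script is an added example, not code from the original topic; it uses the built-in NetSecurity cmdlets and applies the same setting to the Domain, Private and Public profiles so their states never drift apart, which is the consistency rule the notes above call for.

```powershell
# Added example (not part of the original topic). Run in an elevated
# PowerShell session on the Windows instance (VNC or RDP).

function Get-FirewallProfileState {
    # One row per profile; Enabled is True, False or NotConfigured.
    $profiles = Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
    $distinct = @($profiles.Enabled | Sort-Object -Unique)
    if ($distinct.Count -gt 1) {
        Write-Warning ("Firewall state differs across profiles; " +
            "apply the same setting to Domain, Private and Public.")
    }
    $profiles
}

function Set-AllFirewallProfiles {
    # $Enabled $true mirrors "On (recommended)", $false mirrors "Off".
    param([Parameter(Mandatory)][bool]$Enabled)
    $state = if ($Enabled) { 'True' } else { 'False' }
    # List the three profiles explicitly instead of relying on the
    # network type the instance currently detects.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled $state
    # Re-read the state so the caller sees what was actually applied.
    Get-FirewallProfileState
}

# Usage:
#   Get-FirewallProfileState
#   Set-AllFirewallProfiles -Enabled $true
```

`Get-FirewallProfileState` warns when the three profiles disagree, which is the situation the status check above tells you to resolve before going further; `Set-AllFirewallProfiles` resolves it in one call and returns the resulting state.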

Configure firewall rules

After you enable the firewall, you must configure rules to allow specific traffic. For example, this section provides two methods to create a rule that allows remote connections. You can adjust the rule configuration as needed. For more information about firewall policy configuration, see Windows system firewall policy configuration guide.

Method 1: Add port rule

To allow remote connections, open the local port for Remote Desktop. By default, this is TCP port 3389.

Note

If you changed the Remote Desktop port, you must add the new port number to the inbound rule.

  1. In the Windows Defender Firewall with Advanced Security window, click Inbound Rules, and then click New Rule....

    Note

    To open the Windows Defender Firewall with Advanced Security window, see Check the firewall status.

  2. In the New Inbound Rule Wizard, on the Rule Type page, select Port, and then click Next.

  3. On the Protocol and Ports page, select TCP, select Specific local ports and enter the port number, and then click Next.

    Note

    Enter the port number that Remote Desktop listens on. The default is 3389.

  4. On the Action page, select Allow the connection, and then click Next.

  5. On the Profile page, keep the default selections, and then click Next.

    By default, the Domain, Private, and Public network profiles are selected.

  6. On the Name page, enter a name for the rule, such as RemoteDesktop, and then click Finish.

  7. Configure the scope.

    The scope restricts remote access to specified source IP addresses. Only IP addresses within the scope can connect remotely; all others are blocked.

    1. In the Windows Defender Firewall with Advanced Security window, right-click the inbound rule that you just created, for example RemoteDesktop, and select Properties.

    2. On the Scope tab, under Remote IP address, select These IP addresses:. Then click Add... to add one or more IP addresses or CIDR blocks, such as the public IP address of your computer, and click OK.

      Important

      If you want to connect to the instance using Workbench, you must add 47.96.60.0/24 and 118.31.243.0/24 to the scope.

  8. After you complete these steps, you can connect to the instance using a Remote Desktop client. Append the remote port number to the IP address and specify the user name in Show Options. For example, connect to 192.168.1.2:3389 with the user name Administrator.
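Method 1 can be scripted in PowerShell as well. The block below is an added example, not code from the original topic: it reads the port Remote Desktop actually listens on from the registry (so a changed port is picked up automatically, as the note above requires), creates the inbound port rule with the same choices the wizard makes, and restricts its scope in the same step. The address `203.0.113.10` is a placeholder for your own public IP; the two `/24` blocks are the Workbench ranges named above.

```powershell
# Added example (not part of the original topic). Requires an elevated
# PowerShell session on the instance. Placeholder source address:
# replace 203.0.113.10 with the public IP of your own computer.

function Get-RdpListenPort {
    # Remote Desktop stores its listening port here; the default is 3389.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    [int](Get-ItemProperty -Path $key -Name PortNumber).PortNumber
}

function New-RdpAllowRule {
    param(
        [string]$Name = 'RemoteDesktop',
        # Evaluated at call time, so a non-default port is honoured.
        [int]$Port = (Get-RdpListenPort),
        [string[]]$AllowedSources = @('203.0.113.10', '47.96.60.0/24', '118.31.243.0/24')
    )
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        throw "A rule named '$Name' already exists; edit its Scope tab instead of creating a duplicate."
    }
    # Wizard equivalents: Rule Type = Port, Protocol = TCP, Specific local
    # ports = $Port, Action = Allow, Profile = Domain + Private + Public,
    # Scope > Remote IP address = These IP addresses.
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Allow -Profile Domain, Private, Public `
        -RemoteAddress $AllowedSources | Out-Null

    # Return the scope that was actually applied for verification.
    Get-NetFirewallRule -DisplayName $Name |
        Get-NetFirewallAddressFilter |
        Select-Object RemoteAddress
}

# Usage:
#   New-RdpAllowRule
#   New-RdpAllowRule -AllowedSources @('198.51.100.7')   # placeholder address
```

Because the scope is set on the same call that creates the rule, there is no window during which the port is reachable from any source.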

Method 2: Add predefined rule

To allow remote connections, add a predefined Remote Desktop inbound rule.

Important

This method applies only if you use the default Remote Desktop port, which is TCP port 3389.

  1. In the Windows Defender Firewall with Advanced Security window, click Inbound Rules, and then click New Rule....

    Note

    To open the Windows Defender Firewall with Advanced Security window, see Check the firewall status.

  2. In the New Inbound Rule Wizard, on the Rule Type page, select Predefined > Remote Desktop, and then click Next.

  3. On the Predefined Rules page, select the Remote Desktop - User Mode (TCP-In) checkbox, and then click Next.

    Note

    On earlier versions of Windows, if the Remote Desktop - User Mode (TCP-In) option is not available, you can select the Remote Desktop (TCP-In) checkbox.

  4. On the Action page, select Allow the connection, and then click Finish.

  5. Configure the scope.

    The scope restricts remote access to specified source IP addresses. Only IP addresses within the scope can connect remotely; all others are blocked.

    1. In the Windows Defender Firewall with Advanced Security window, click Inbound Rules, right-click the inbound rule that you just created, and then select Properties.

    2. On the Scope tab, under Remote IP address, select These IP addresses:. Then click Add... to add one or more IP addresses or CIDR blocks, such as the public IP address of your computer, and click OK.

      Important

      If you want to connect to the instance using Workbench, you must add 47.96.60.0/24 and 118.31.243.0/24 to the scope.

  6. After you complete these steps, you can connect to the instance using a Remote Desktop client. Append the remote port number to the IP address and specify the user name in Show Options. For example, connect to 192.168.1.2:3389 with the user name Administrator.
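Method 2 maps to enabling the predefined rule that already exists on the system rather than creating a new one. The block below is an added example, not code from the original topic. It first checks that Remote Desktop really listens on 3389, since the predefined rule is fixed to that port (the Important note above), falls back to the older rule name where the User Mode rule is absent, and then scopes the rule to the allowed sources. `203.0.113.10` is a placeholder for your own public IP.

```powershell
# Added example (not part of the original topic). Requires an elevated
# PowerShell session on the instance. Placeholder source address:
# replace 203.0.113.10 with the public IP of your own computer.

function Enable-PredefinedRdpRule {
    param(
        [string[]]$AllowedSources = @('203.0.113.10', '47.96.60.0/24', '118.31.243.0/24')
    )
    # The predefined rule only covers the default port, so refuse to use it
    # when Remote Desktop has been moved elsewhere.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = [int](Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    if ($port -ne 3389) {
        throw "Remote Desktop listens on TCP $port, not 3389; add a port rule (Method 1) instead."
    }

    # Prefer the User Mode rule; older Windows versions only ship the
    # plain "Remote Desktop (TCP-In)" rule (see the note above).
    $rule = Get-NetFirewallRule -DisplayName 'Remote Desktop - User Mode (TCP-In)' `
        -ErrorAction SilentlyContinue
    if (-not $rule) {
        $rule = Get-NetFirewallRule -DisplayName 'Remote Desktop (TCP-In)' -ErrorAction Stop
    }

    # Wizard equivalents: Action = Allow the connection, then Properties >
    # Scope > Remote IP address = These IP addresses.
    $rule | Set-NetFirewallRule -Enabled True -Action Allow -RemoteAddress $AllowedSources

    # Return the applied scope so it can be verified.
    $rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
}

# Usage:
#   Enable-PredefinedRdpRule
```

Scoping the predefined rule is as important as enabling it: without `-RemoteAddress` the rule allows TCP 3389 from any source, which is the configuration the Scope step above exists to prevent.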

Related topics