How to Open Port on Windows Firewall

After installing some software, you may need to open a specific port on Windows Firewall to serve external connections. For example, we open port 1433 for SQL Server or port 1521 for an Oracle database server. In this post, I'll introduce two ways to open a port.

  1. Open Port by CLI
  2. Open Port by GUI

Open Port by CLI

We can easily open a port from a command prompt (cmd.exe) run as Administrator on Windows.

Different network policies call for different allowed scopes. To apply the following commands to your situation, change the port number 1433 to your own.

For Local LAN

For all remote clients in the same local subnet, we use the constant LOCALSUBNET to represent it.

Open Port 1433 for SQL Server

netsh advfirewall firewall add rule name=SQLPort dir=in protocol=tcp action=allow localport=1433 remoteip=localsubnet profile=any

Open Port 1521 for Oracle Database

netsh advfirewall firewall add rule name=OracleListener dir=in protocol=tcp action=allow localport=1521 remoteip=localsubnet profile=any

Sometimes, you might be required to turn Windows firewall completely off.

Usually, opening the port for the local LAN is the most commonly used type.

For Specific IP Address

For a single IP address only, you should specify its IP address.

netsh advfirewall firewall add rule name=SQLPort dir=in protocol=tcp action=allow localport=1433 remoteip=10.10.61.12 profile=any

For Mixed Network

Let's look at a mixed-network case.

netsh advfirewall firewall add rule name=SQLPort dir=in protocol=tcp action=allow localport=1433 remoteip=10.10.61.12,192.168.0.0/16,localsubnet profile=any

As you can see, there's a combination of a single IP, CIDR and local LAN.

The command should be executed in a command prompt (cmd) as Administrator on Windows. Each parameter is explained as follows:

  • name: The name of the inbound rule. You may name it after its main usage.

  • dir: The traffic direction, either IN or OUT.

  • protocol: The internet protocol that you want to open, either TCP, UDP or ANY.

  • action: The action that this rule performs. The value can be ALLOW, BLOCK or BYPASS.

  • localport: The port number that you want to open.

  • remoteip: The scope of remote clients. It can be ANY, a specific IP address, a CIDR for a range of IP addresses, or several of these separated by commas; the default is local subnet (LOCALSUBNET).

  • profile: The profiles to which this rule applies. It can be DOMAIN, PRIVATE, PUBLIC or ANY. In this case, we open it for all profiles.

Let's see the execution result.

C:\Windows\system32>netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = any
Ok.

We should confirm that the rule is in place by opening Windows Firewall directly.

Windows Defender Firewall - Inbound Rules
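
The CLI steps above can also be made repeatable and checked without the GUI. The following script is an added example, not part of the original post: it assumes an elevated command prompt and reuses the post's sample rule name, port and mixed scope. Because netsh lets several rules share one name, it removes an earlier copy of the rule before adding it, then prints what the firewall actually stored.

```batch
@echo off
rem Added example: create the inbound rule idempotently, then verify it.
rem RULE, PORT and SCOPE are the post's sample values; change them to yours.
setlocal
set "RULE=SQLPort"
set "PORT=1433"
set "SCOPE=10.10.61.12,192.168.0.0/16,localsubnet"

rem "add rule" never replaces an existing rule; running it twice leaves two
rem rules with the same name. Remove an earlier copy first, matching on
rem direction, protocol and port so other rules sharing the name are kept.
rem The delete reports an error when nothing matches; that is ignored here.
netsh advfirewall firewall delete rule name="%RULE%" dir=in protocol=tcp localport=%PORT% >nul 2>&1

rem Add the rule. This fails with a non-zero exit code when the prompt
rem is not elevated or a parameter is invalid.
netsh advfirewall firewall add rule name="%RULE%" dir=in protocol=tcp action=allow localport=%PORT% remoteip=%SCOPE% profile=any
if errorlevel 1 (
    echo Failed to add rule %RULE%. Run this from an Administrator command prompt.
    exit /b 1
)

rem Show the stored rule in full so the scope can be reviewed: check the
rem remote IP list, the profiles, the local port and the action.
netsh advfirewall firewall show rule name="%RULE%" verbose
endlocal
```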

Open Port by GUI

Using the GUI to set up an inbound rule is pretty straightforward. Let's see the steps.

Windows Firewall - Inbound Rule - New Rule

New Inbound Rule Wizard - Rule Type - Port

New Inbound Rule Wizard - Protocol - Port

New Inbound Rule Wizard - Action

New Inbound Rule Wizard - Profile

New Inbound Rule Wizard - Name

Windows Defender Firewall - Inbound Rules
