
- To open a Windows firewall port, open the “Windows Defender Firewall with Advanced Security” console.
- Then click on “Inbound Rules” or “Outbound Rules,” click on “New Rule,” and select the “Port” option.
- Continue selecting the protocol and the port number to open on Windows 11, allow the connection, choose the network profile to apply the rules, and save the changes.
- You can also open one or multiple ports using commands with PowerShell and Command Prompt.
On Windows 11, the Microsoft Defender Firewall is a built-in security feature that helps protect your device by controlling network traffic, blocking unauthorized access from the outside, and preventing suspicious apps from connecting to the internet.
The firewall works as a gatekeeper, monitoring all incoming and outgoing network requests. When an app or service tries to access the network, Microsoft Defender Firewall (also referred to as the “Windows Firewall”) checks its rules database to determine whether to allow or block the connection. If no rule exists, Windows 11 will prompt you to grant or deny access manually.
In some cases, trusted apps (such as SQL Server) may not function correctly because the firewall is blocking them. When that happens, you must create a custom inbound or outbound rule to allow network access and restore functionality.
In this guide, I’ll teach you the steps to open a port to allow an app to communicate outside the network using the Windows 11 firewall.
Open a firewall port on Windows 11
Using the default firewall, you can create an inbound or an outbound rule, depending on the app requirements, using the Advanced Security console, Command Prompt, or PowerShell.
Create a firewall rule from Advanced Security
To open one or more ports in the Windows firewall, follow these steps:
- Open Windows Security.
- Click on Firewall & network protection.
- Click the Advanced settings option.
- (Option 1) Select Inbound Rules from the left navigation pane to create a rule to allow incoming traffic into the device.
- (Option 2) Select Outbound Rules from the left navigation pane to create a rule to allow the traffic from the app to leave the device.
- Click the New Rule option in the right pane under the “Actions” section.
- Select the Port option.
- Click the Next button.
- Select the appropriate protocol (TCP or UDP) depending on the application.
- Type the port number in the “Specific local ports” setting.
  Quick note: If the app requires multiple ports open, you can type as many as you need as long as you separate each one with a comma (4500,4600,5000). If you need to specify a port range, you can use a hyphen (-). For example, 3000-3100.
- Click the Next button.
- Select the “Allow the connection” option. (Using the same step, note that you can block the connection.)
- Click the Next button.
- Select the network type to apply the rule. (Usually, you want to leave this option with the default selections.)
- Click the Next button.
- Type a descriptive name for the rule. For example, “My Inbound Rule for APP-NAME.”
- Click the Finish button.
After you complete the steps, inbound connections will be allowed for the app through the port you open in the firewall.
Create a firewall rule using Command Prompt
To open a firewall port through Command Prompt, follow these steps:
- Open Start.
- Search for Command Prompt (or Terminal), right-click the top result, and choose the Run as administrator option.
- Type this command to create an incoming firewall rule with Command Prompt and press Enter:
  netsh advfirewall firewall add rule name="YOUR-APP-PORT" dir=in action=allow protocol=TCP localport=12345
  In the command, update the name setting for the name of the rule you want to use. In protocol, use TCP or UDP, and specify the port number in the localport setting.
  Quick tip: netsh doesn’t support a comma-separated list of ports like localport=80,443,8080. Instead, you must run one command per port.
- Type this command to open a range of ports with Command Prompt and press Enter:
  netsh advfirewall firewall add rule name="YOUR-PORT-RANGE-NAME" dir=in action=allow protocol=TCP localport=2000-2200
  In the command, update the name setting for the name of the rule you want to use. In protocol, use TCP or UDP, and specify the port number in the localport setting.
Once you complete the steps, the specified network ports will be open on Windows 11.
If you must create an inbound or outbound rule for multiple ports that don't form a contiguous range, you can use a batch loop command. For example, in a batch file:
  for %%P in (80 443 8080) do netsh advfirewall firewall add rule name="Allow TCP %%P" dir=in action=allow protocol=TCP localport=%%P
In the command, you have to update the ports, direction (in or out), and protocol (TCP or UDP). When typing the loop directly at the prompt instead of running it from a batch file, use %P instead of %%P.
Create a firewall rule using PowerShell
To open a firewall port using a PowerShell command, follow these steps:
- Open Start.
- Search for PowerShell (or Terminal), right-click the top result, and choose the Run as administrator option.
- Type this command to create an incoming firewall rule with PowerShell and press Enter:
  New-NetFirewallRule -DisplayName "YOUR-APP-PORT" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 12345
  In the command, you have to update the name, direction (Inbound or Outbound), protocol (TCP or UDP), and local port settings in the same way as required using Command Prompt.
- Type this command to open a range of ports with PowerShell and press Enter:
  New-NetFirewallRule -DisplayName "YOUR-PORT-RANGE-NAME" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 4000-4010
  In the command, update the name, direction (Inbound or Outbound), protocol (TCP or UDP), and specify the port range.
After you complete the steps, the PowerShell command will create the inbound or outbound rule in the Microsoft Defender Firewall.
If you must create an inbound or outbound rule for multiple ports that don't form a contiguous range, you can use a foreach loop command. For example:
  $ports = @(80, 443, 8080)
  foreach ($port in $ports) {
      New-NetFirewallRule -DisplayName "Allow TCP $port" -Direction Inbound -Action Allow -Protocol TCP -LocalPort $port
  }
In the command, you have to update the ports, direction (Inbound or Outbound), and protocol (TCP or UDP).
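The rules above allow the port from any remote address on every network profile. As an added example (not part of the original guide), the sketch below creates one inbound rule for several ports, limits it to chosen profiles and remote addresses, and avoids creating duplicate rules; the helper name Add-ScopedInboundPortRule and the default scope (Domain and Private profiles, LocalSubnet clients) are assumptions to adjust.

```powershell
# Added example: Add-ScopedInboundPortRule is a hypothetical helper, not part of Windows.
function Add-ScopedInboundPortRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [string[]] $LocalPort,   # '12345', '4000-4010', or several values
        [ValidateSet('TCP', 'UDP')] [string] $Protocol = 'TCP',
        [ValidateSet('Domain', 'Private', 'Public')] [string[]] $NetworkProfile = @('Domain', 'Private'),
        [string[]] $RemoteAddress = @('LocalSubnet')     # assumption: only same-subnet clients need access
    )

    # Display names are not unique, so running New-NetFirewallRule twice
    # creates two rules. Return the existing rule(s) instead of duplicating.
    $existing = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning "Rule '$DisplayName' already exists; nothing created."
        return $existing
    }

    if ($PSCmdlet.ShouldProcess($DisplayName, "Allow inbound $Protocol $($LocalPort -join ',')")) {
        New-NetFirewallRule -DisplayName $DisplayName `
            -Direction Inbound -Action Allow `
            -Protocol $Protocol -LocalPort $LocalPort `
            -Profile $NetworkProfile -RemoteAddress $RemoteAddress
    }
}

# Preview first (-WhatIf), then create one rule covering three ports and a range.
Add-ScopedInboundPortRule -DisplayName 'YOUR-APP-PORT' -LocalPort 80, 443, 8080, '4000-4010' -WhatIf
Add-ScopedInboundPortRule -DisplayName 'YOUR-APP-PORT' -LocalPort 80, 443, 8080, '4000-4010'

# Confirm what was stored: ports, profiles and allowed remote addresses.
Get-NetFirewallRule -DisplayName 'YOUR-APP-PORT' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Profile       = $_.Profile
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    }
}
```

Run it from an elevated PowerShell session, the same as the commands in the steps above.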
Close a firewall port on Windows 11
You can also close a port by deleting a specific rule using the Advanced Security console, Command Prompt, or PowerShell.
Close a firewall rule from Advanced Security
To delete a port in the Microsoft Defender Firewall, follow these steps:
- Open Windows Security.
- Click on Firewall & network protection.
- Click the Advanced settings option.
- Click on Inbound Rules or Outbound Rules from the left navigation pane, depending on where you opened the firewall port.
- Select the rule you want.
- Click the Disable Rule option under the “Actions” section to close the port while keeping the rule. Or click the Delete Rule option to close the port and remove the rule from the firewall.
After you complete the steps, the app or service will no longer have access to the network or internet because the Windows firewall will block it.
Close a firewall rule using Command Prompt
To close a firewall port through Command Prompt, follow these steps:
- Open Start.
- Search for Command Prompt (or Terminal), right-click the top result, and choose the Run as administrator option.
- Type this command to delete a firewall rule with Command Prompt and press Enter:
  netsh advfirewall firewall delete rule name="YOUR-DELETE-RULE"
  In the command, update the name setting with the name of the rule that includes the port to close.
Once you complete the steps, the Command Prompt command will delete the rule, closing the specified ports.
Close a firewall rule using PowerShell
To close a firewall port using a PowerShell command, follow these steps:
- Open Start.
- Search for PowerShell (or Terminal), right-click the top result, and choose the Run as administrator option.
- Type this command to delete a firewall rule with PowerShell and press Enter:
  Remove-NetFirewallRule -DisplayName "YOUR-DELETE-RULE"
  In the command, update the DisplayName setting with the name of the rule that contains the port to close.
After you complete the steps, the PowerShell command will delete the rule with the ports you want to close.
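Deleting by display name only works if you remember the name, and it removes every rule that shares it. As an added example (not part of the original guide), the sketch below finds the enabled inbound allow rules that cover a given port, shows their scope and whether anything is listening, and previews the removal; the helper name Find-InboundAllowRule and the port 12345 are assumptions.

```powershell
# Added example: Find-InboundAllowRule is a hypothetical helper, not part of Windows.
function Find-InboundAllowRule {
    param(
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $Port,
        [ValidateSet('TCP', 'UDP')] [string] $Protocol = 'TCP'
    )

    # Is anything actually bound to the port right now?
    $listening = if ($Protocol -eq 'TCP') {
        [bool](Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    } else {
        [bool](Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue)
    }

    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule   = $_
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -notin @($Protocol, 'Any')) { return }   # skip to the next rule

        # LocalPort holds single ports ('80'), ranges ('4000-4010') or keywords ('Any', 'RPC').
        $covers = $false
        foreach ($spec in @($filter.LocalPort)) {
            if ($spec -eq 'Any') { $covers = $true }
            elseif ($spec -match '^(\d+)-(\d+)$') {
                if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { $covers = $true }
            }
            elseif ($spec -match '^\d+$' -and [int]$spec -eq $Port) { $covers = $true }
        }
        if (-not $covers) { return }

        [pscustomobject]@{
            Name          = $rule.Name          # unique rule ID, unlike DisplayName
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            LocalPort     = $filter.LocalPort -join ','
            RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            Listening     = $listening
        }
    }
}

$hits = Find-InboundAllowRule -Port 12345
$hits | Format-Table -AutoSize
# Preview the deletion by unique Name; drop -WhatIf once the list is what you expect.
$hits | ForEach-Object { Remove-NetFirewallRule -Name $_.Name -WhatIf }
```

A rule whose LocalPort column shows a range or Any covers more than the one port, so removing it closes everything in that rule; review the table before dropping -WhatIf.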