• February 17, 2021

Enable/Disable Windows Firewall Using Command-line

There may be times when you need to turn off Windows Firewall. For example when you are testing network connectivity or when you are troubleshooting an issue. In such scenarios, you can make use of the Netsh.exe command in command line on Windows 10 and Windows 8.

Disable Windows Firewall Quickly using Command-line

In order to disable Windows Firewall, run the below command from Elevated Command Prompt.

netsh advfirewall set allprofiles state off

The above command will turn-off Windows Firewall for all the profiles.

Understanding Windows Security Domain Profiles

  1. Domain profile: This profile is applied when a computer is connected to its Active Directory domain. If in case the member computer’s domain controller is accessible, the Domain profile will be applied.
  2. Private profile: This profile is applied when a computer is connected to a private network. By default, no networks are considered private; users have to specifically mark a network location, for example their home office network, as private.
  3. Public profile: This is the default profile applied to all networks when a domain controller is not available. For instance, the Public profile is applied when users connect to Wi-Fi hotspots at airports or coffee shops. By default, the Public profile allows outgoing connections but blocks all incoming traffic that is not part of an existing connection.

When you create firewall rules to allow or block traffic, you can separately apply them to the Domain, Private, and Public profiles. For example, let us consider that you are using a laptop. These three different profiles enable the laptop computer to allow incoming connections while connected to a domain network, but will block connection attempts on less secure networks (such as public wireless hotspots).

You can make use of the currentprofile parameter to make sure that the command effects changes for the currently active firewall profile (Public, Private or Domain).

To know the state (ON or OFF) of Windows Firewall for every profile, you can execute this command:

netsh advfirewall show allprofiles

The State (ON or OFF) tells you whether or not the firewall is enabled for a particular profile.

The current status of the Windows Firewall can also be found using the Windows Security.

  1. Click Start.
  2. Search for Windows Security and click on the top result.
  3. In the Windows Security app that open, click on the Firewall and network protection.

As soon as you set the Windows Firewall state to OFF for any profile, you will instantly see this notification in the taskbar.

Enable Windows Firewall Using Command Line

To enable the firewall, on a per-profile basis, use the on parameter like below:

netsh advfirewall set privateprofile state on
netsh advfirewall set publicprofile state on
netsh advfirewall set domainprofile state on

You can also create two desktop shortcuts to enable and disable the Windows Firewall seamlessly. In order to run the commands as administrator (this is a must), simply right-click on the shortcut and choose Run as administrator. Alternatively, you can also right-click the shortcut properties > Click Advanced > Tick the Run as administrator checkbox > Click OK. Double-clicking the shortcut runs the Netsh… command in elevated mode, after you click the Continue button in the UAC confirmation dialog.

Enable/Disable Windows Firewall using PowerShell

You can also manage Windows Firewall from the PowerShell (administrator mode).

To disable Windows Firewall for all the profiles using PowerShell, use this command:

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

To enable Windows Firewall for all the profiles using PowerShell, use this command:

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

Leave a Comment