List of Articles Icon

Knowledge Base

Guides and answers for your VPS, the client area, and billing

Using Windows Defender Firewall on your VPS

What this is

Windows VPS has no managed edge firewall in front of it (that's a Linux VPS feature), so Windows Defender Firewall is the network layer, and the good news is its default posture is already right: inbound connections are blocked unless a rule allows them. Windows and its services create their own rules (RDP's exists out of the box), so your job is only two things: open ports for what you deliberately serve, and tighten the rules you inherited.

Opening a port for your application

Say your app listens on TCP 8080. First, remember a port only answers if something is listening, confirm your app runs, then allow it:

PowerShell (fastest):

New-NetFirewallRule -DisplayName "MyApp 8080" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow

GUI: run wf.msc → Inbound Rules → New Rule → Port → TCP, 8080 → Allow → name it. Same result.

Then verify from outside (your own machine): Test-NetConnection YOUR.VPS.IP -Port 8080, or any online port checker, reading the result with the closed-vs-filtered rule. Ask an AI chatbot to draft rules for anything fancier (port ranges, UDP, specific programs), New-NetFirewallRule has a parameter for everything.

Restricting RDP to your own IPs

The highest-value tightening on the whole server, RDP reachable only from addresses you control ends the brute-force question outright:

  1. wf.mscInbound Rules → find Remote Desktop - User Mode (TCP-In).
  2. Properties → Scope tab → Remote IP address → These IP addresses → add your home/office IPs (find yours on any "what is my IP" site).
  3. OK, the change applies immediately.

Two safety notes: your home IP may be dynamic, so add a range or your mobile carrier's egress too if you can, and know the fallback before you need it, the Console in your client area reaches the VPS without RDP, so a scope mistake locks the door, not the house. (PowerShell equivalent: Set-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)" -RemoteAddress 203.0.113.7.)

The habits

  • Don't turn the firewall off to "test something", allow the specific port instead. Off means every listener on the machine is public.
  • Profiles (Domain/Private/Public): on a VPS the network is Public; when creating rules, applying them to all profiles avoids surprises.
  • Audit occasionally: Get-NetFirewallRule -Enabled True -Direction Inbound | Where-Object Action -eq Allow lists everything you're allowing in.

Still need help?

You can open a support ticket. So we can help on the first reply, it's worth mentioning:

  • the VPS hostname or IP and the port involved,
  • the rule you created or changed,
  • what an outside test of the port shows (refused, or a timeout).
  • "How do I open a port on my Windows VPS?"
  • "How do I restrict RDP to my IP address?"
  • "Is there a firewall in front of my Windows VPS?"
  • "Should I disable Windows Firewall to test?"
  • "How do I list my inbound firewall rules?"
Last reviewed: 2026-07-02