Checking Windows Firewall for blocked ports

If you have Windows Firewall enabled then chances are that eventually you are going to find that it will be blocking one or more ports required by your applications. Checking Windows Firewall for blocked ports will help you troubleshoot your issues.

To check if Windows Firewall is blocking a port(s) that your machine is trying to communicate, follow the steps below…

Pre-Check: What ports is the machine listening on?

First off, let’s check if your server is even listening on the specific port you think might be being blocked by Windows Firewall.

To check what ports a Windows machine is listening on, do the following:

1. Launch Command Prompt
2. Run netstat -a -n
3. Check to see if the specific port is listed
   • If it is, then it means that the server is listening on that port
   • If it isn’t, then it means that port is not being used, so either the application in question is not running or in fact the application isn’t actually using that port at all

Option 1: Checking Windows Firewall for blocked ports via Windows Firewall Logs

The first way to check what ports Windows Firewall is blocking is to use the Windows Firewall logs. To do this, follow these steps:

1. Enable Dropped Packets Logging
   1. Start >> Control Panel >> Administrative Tools >> Windows Firewall with Advanced Settings
   2. From the Actions pane (right-pane) click on Properties
   3. Select the appropriate firewall profile (Domain, Private or Public). Alternatively, enable logging on all three profiles
   4. Click the Customise button under the Logging section
   5. Change the Log Dropped Packets option to Yes
   6. Take note of the file path to where the logs will be stored
   7. Click OK to enable logging (see screenshot below)
2. Navigate to the logging file path (as per file location in Logging settings above)
3. Check the log file for any blocked ports

Option 2: Checking Windows Firewall for blocked ports via Command Line

You can also get a list of the active listening and the blocked ports by using the Windows Firewall commands through command prompt. This documented below:

To get a list of the Windows Firewall blocked ports and active ports run:

To get a list of the Windows Firewall configuration run:

Note: The netsh firewall set of commands have been depreciated (although they still work on Windows 2012 R2). The new set of commands are netsh advfirewall firewall .

At this stage I haven’t been able to work out how to get a list of the blocked ports using these new set of commands and hence I still use the old commands.

For more information about netsh advfirewall firewall commands, see the following post >>> (How to use netsh advfirewall firewall set of commands)[https://support.microsoft.com/en-us/kb/947709].

How To – Allow ICMP ping through the Windows Firewall

If you are looking for how to allow ICMP ping through the Windows Firewall (as this is blocked by default on Windows 2008+ server operating systems), then follow the steps in the following article >>> How To – Allow ping through the Windows Firewall.

Checking if other firewalls are blocking ports

What if it isn’t Windows firewall that is blocking your port but rather another external firewall? How do we check if another firewall is blocking any ports?

The following command will show you if possibly any other firewalls are blocking any ports for your application. How it works is pretty simply, if nothing is return it means no ports are currently being blocked. If something is returned, then possibly that is the port that might be blocked. This is a good starting point to check firewall logs on the actual firewall to see if it is being blocked or not.

Linux? Although this is a Windows article, in the event that you need to find out if firewalls are blocking any ports on your linux machines, you can run the following command:

For more information about these commands, take a look at this excellent article by Ather Beg – Identifying and Troubleshooting Firewall Access Issues

Hope this helps!. Let me know if you have any questions or comments below.

How to see if Windows Firewall is blocking a port or program

• Wondering how you can check if a website is blocked by your Firewall? Check the firewall settings.
• The Windows Firewall settings will give you show you any port is blocked on your PC.
• Easily fix any problem caused by your Firewall blocking the Internet with the solutions below.
• The Windows Firewall also allows you to select which programs can run on your computer.

1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
2. Click Start Scan to find Windows issues that could be causing PC problems.
3. Click Repair All to fix issues affecting your computer’s security and performance

• Restoro has been downloaded by 0 readers this month.

The Windows Firewall is a built-in security application that comes with Windows OS since the beginning. The software is built to filter network data transmission to and from your Windows system.

The Firewall will block any suspicious and harmful connection depending on the threat level.

The users can configure the Windows Firewall settings as per their need to block or open port in Windows 10 and other versions. However, at times the Firewall may block ports or programs accidentally by user’s or administrator’s misconfiguration.

Now, if you want to know if the Windows Firewall is blocking a port or program on your system, you need to check your settings. Here’s how to check firewall settings.

How do I check if Windows Firewall is blocking a port ?

1. Check your firewall settings

1. Press Windows Key + R to open Run.
2. Type control and press OK to open Control Panel.
3. Click on System and Security.
4. Scroll down and open Administrative Tools.
   
5. In the Administrative Tools window, open Windows Defender Firewall with Advanced Security.
6. Click on Actions and select Properties.
   
   
7. Now select your preferred Profile (Domain, Private, Publick).
8. In the Logging section, click on the Customize button.
   
9. Click on the drop-down menu for Log dropped packets: and select Yes.
10. Take note of the pfirewall.log path in the Name section.
11. Click OK to save the changes.
    
12. Open File Explorer and go to the path where the log file is saved.
    • It should look something like this: %systemroot%system32LogFilesFirewall
13. Click on the pfirewall.log file and check for any blocked ports.

2. Check for Blocked Port using the Command Prompt

1. Type cmd in the search bar.
2. Right-click on the Command Prompt and select Run as Administrator.
   
3. In the command prompt, type the following command and hit enter.
   • netsh firewall show state
4. This will display all the blocked and active port configured in the firewall.

How to check if Windows Firewall is blocking a program ?

1. Press Windows Key + R to open Run.
2. Type control and press OK to open Control Panel.
3. Click on System and Security.
4. Click on Windows Defender Firewall.
5. From the left pane Allow an app or feature through Windows Defender Firewall.
   
6. In the allowed app window, scroll through all the apps.
7. Locate the app you want to check and see if the app is checked.
   • If it is unchecked, the app is blocked on the Firewall.
8. If your program is blocked, simply uncheck the app and click OK.

In the Customize Settings window, click the circle(s) next to Turn off Windows Defender Firewall for public networks, private networks, or both.

That’s about it for this article. Make sure you follow the solutions thoroughly and see what works for you. Also, feel free to send us any feedback regarding the subject in the comment section below.

Port Checker

Check for open ports and verify port forwarding setup on your router.

What is Port Checker ?

Port Checker is a simple and free online tool for checking open ports on your computer/device, often useful in testing port forwarding settings on a router. For instance, if you’re facing connection issues with a program (email, IM client etc) then it may be possible that the port required by the application is getting blocked by your router’s firewall or your ISP. In such cases, this tool might help you in diagnosing any problem with firewall setup. You could also find this useful for security purpose, in case you’re not sure whether a particular port is open or closed. If you host and play games like Minecraft, use this checker to make sure the server port(25565) is configured properly for port forwarding, then only your friends will be able to connect to your server.

Most Commonly Used Ports

Port numbers ranges from 1 to 65535, out of which well known ports are pre-defined as convention by IANA.

• 0-1023 — Well known ports (HTTP, SMTP, DHCP, FTP etc)
• 1024-49151 — Reserved Ports
• 49152-65535 — Dynamic/Private Ports

Well known ports

• 20 & 21 — FTP (File Transfer Protocol)
• 22 — SSH (Secure Shell)
• 23 — Telnet, a Remote Login Service
• 25 — SMTP (Simple Mail Transfer Protocol)
• 53 — DNS (Domain Name System)
• 80 — HTTP (Hypertext Transfer Protocol)
• 110 — POP3 (Post Office Protocol 3)
• 115 — SFTP (Secure File Transfer Protocol)
• 123 — NTP (Network Time Protocol)
• 143 — IMAP (Internet Message Access Protocol)
• 161 — SNMP (Simple Network Management Protocol
• 194 — IRC (Internet Relay Chat)
• 443 — SSL / HTTPS (Hypertext Transfer Protocol Secure)
• 445 — SMB
• 465 — SMTPS (Simple Mail Transfer Protocol over SSL)
• 554 — RTSP (Real Time Stream Control Protocol)
• 873 — RSYNC (RSYNC File Transfer Services)
• 993 — IMAPS (Internet Message Access Protocol over SSL)
• 995 — POP3S (Post Office Protocol 3 over SSL)
• 3389 — RDP (Remote Desktop Protocol)
• 5631 — PC Anywhere
• 3306 — MySQL
• 5432 — PostgreSQL
• 5900 — VNC
• 6379 — Redis
• 11211 — Memcached
• 25565— Minecraft

If you’re looking for a full list of port numbers check out this wikipedia page. I’ve listed all the common ports above, feel free to enter any custom port number to check. By default, this site is taking your device’s IP address as target ip address (the device through which you’re visiting this web page), but you can change the IP input field to check for other IP addresses — remote clients and servers as well. But, please don’t misuse this option otherwise, I would have to restrict the IP address to source again (as I had done earlier). Please keep in mind that if you’re using a VPN or proxy server then it may not be able to get your device’s IP correctly.

Understanding Port Forwarding

Port forwarding or port mapping involves translating the address (or port number to a new destination), accepting the packets and forwarding it (using routing table). It’s typically used in connecting remote computers to specific programs running on computer (in a private LAN (Local Area Network)). For example : running a public server (HTTP, port 80) on a computer in a private LAN or granting SSH access to a specific computer in a private LAN etc. Read More on Wikipedia.

If you’ve any feedback/suggestion for this website, please let me know.

How to check if a port is blocked on a Windows machine?

On the Windows platform, what native options to I have to check if a port (3306, for example) on my local machine (as in localhost ), is being blocked?

4 Answers 4

Since you are on a Windows machine, these things can be done:

Execute the following command and look for a «:3306» listener (you did not mention UDP/TCP). This will confirm there is something running on the port.

After this, if you are expecting incoming connections on this port and feel that the firewall may be blocking them, you could use start windows firewall logging and check the logs for dropped connections

• Go to Windows Firewall, Advanced settings
• Click on the Settings button next to «Local Area Connection»
• Select «Log dropped packets»
• Look at the log file location (if not present, define one)
• Click OK
• Now, when the connection attempt is made (assuming you know when this is done), look at the log file for a drop on port 3306.
• If this is seen, you will want to add an exception for this port.

There is one more command to check the firewall state
(Updated for Windows 7 users — as referred by Nick below — use netsh advfirewall firewall)

netsh firewall show state

• this will list the blocked ports as well as active listening ports with application associations

This command will dump the Windows firewall configuration detail

netsh firewall show config

If you have an active block (incoming connections are being dropped by firewall) after you start logging, you should see that in the log.

If you are running an application/service that is listening on 3306, the firewall config should show it to be Enabled. If this is not seen, you have probably missed adding an exception with the firewall to allow this app/service.

Finally, port 3306 is typically used for MySQL. So, I presume you are running MySQL server on this windows machine. You should therefore see a listener for 3306 accepting incoming connections. If you do not see that, you need to work with your application (MySQL) to get that started first.