This document explains how to disable Windows firewall in Control Panel and/or in Local group policy.
It is not recommended to disable firewall for security reasons except to troubleshoot problems.
Keep in mind that GPO firewall and Control Panel firewall are two distinct "firewalls" that let you
manage the same filtering platform behind the scene.
Technically speaking these are called policy stores.
GPO firewall has higher priority which makes Control Panel firewall not active except if explicitly merged into GPO firewall either trough GUI settings or with PowerShell.
NOTE: Disabling firewall does not delete rules, you can enable firewall back again by following same steps.
To disable GPO firewall all you have to do is to set it to Not Configured
, which means only firewall
in Control Panel will be active, and GPO firewall will have no effect.
To do this follow steps below:
- Press start button
- Type:
secpol.msc
- Right click on secpol.msc and click
Run as administrator
- Expand node:
Windows Defender Firewall with Advanced Security
- Right click on:
Windows Defender Firewall with Advanced Security - Local Group Policy Object
- Select
properties
in pop up menu - There are three tabs:
Domain
,Private
andPublic
- Set "Firewall state" to
Not Configured
for all three profiles and click "Apply" for each - You might need to reboot system if the effect is not immediate.
Disabling Control Panel firewall can be done in two ways with different results:
Which means Control panel firewall will be active only when GPO firewall is disbled.
To disable Control Panel firewall so that only GPO firewall works follow steps below:
- Press start button
- Type:
secpol.msc
- Right click on secpol.msc and click
Run as administrator
- Expand node:
Windows Defender Firewall with Advanced Security
- Right click on:
Windows Defender Firewall with Advanced Security - Local Group Policy Object
- Select
properties
in pop up menu - There are 3 tabs:
Domain
,Private
andPublic
- On each tab click under
settings
click onCustomize...
button - Under
Rule merging
setApply local firewall rules
toNo
NOTE: Rule merging means rules from both firewalls will be active as if it's one firewall, this is not recommended for security reasons except to troubleshoot problems.
Which means Control Panel firewall will not be active even if GPO firewall is disabled.
To disable Control Panel firewall so that it's disabled regardless of GPO firewall status then first
step is to temporarily set GPO firewall to Not Configured
which is explained above in section
"Disable GPO firewall"
Next follow steps below:
- Press start button
- Type:
Control Panel
- Open Control Panel app and go to:
Control Panel\All Control Panel Items\Windows Defender Firewall
- Click on
Advanced settings
- Right click on node
Windows Defender Firewall with Advanced Security on Local Computer
- Select
properties
in pop up menu - There are 3 tabs:
Domain
,Private
andPublic
- Set
Firewall state
toOff
for all 3 profiles and clickApply
for each
When done re-enable GPO firewall
If you want to make sure both GPO and Control Panel firewalls are allways disabled follow section
"Make Control Panel firewall not active in Control Panel" but do not re-enable GPO firewall at the end.
You might need to reboot system if the effect is not immediate.