To turn off Firewall in Windows, open Windows Security > Firewall & network protection > select your active network (Domain, Private, or Public) > toggle Microsoft Defender Firewall to Off.
You can also use Control Panel or run the command netsh advfirewall set allprofiles state off in an elevated Command Prompt. Only disable it temporarily and re‑enable promptly.
If you need to turn off Firewall in Windows for troubleshooting or testing, this guide shows safe, step-by-step methods for Windows 11 and Windows 10, including Windows Security, Control Panel, CMD, PowerShell, and Group Policy.
You’ll also learn safer alternatives like allowing a specific app or port so you keep your device protected while solving connectivity issues.
What “turning off the Windows Firewall” actually does (and when to do it)?
Microsoft Defender Firewall (the built in Windows firewall) filters inbound and outbound traffic based on rules.
Turning it off completely removes that filter, exposing your device to unsolicited connections. Do it only temporarily for example, to confirm whether the firewall is blocking an app, port, VPN client, game server, or development tool.
Safer approach: instead of disabling the firewall, allow the specific app or port you need. This keeps protection intact for everything else.
Quick methods to disable Windows Firewall (Windows 11/10)
- Windows Security app: Toggle Off for the active network profile (fastest for most users).
- Control Panel: Turn off for Domain, Private, or Public profiles.
- Command Prompt (Admin):
netsh advfirewallcommands to disable/enable. - PowerShell (Admin):
Set-NetFirewallProfilefor granular control. - Group Policy (IT/Admins): Enforce settings across a domain.
Method 1: Turn off Windows Firewall via Windows Security
This is the most direct way in Windows 11 and Windows 10.
Windows 11 steps
- Open Start and type “Windows Security,” then open it.
- Select “Firewall & network protection.”
- Under your active profile (Domain, Private, or Public), click it.
- Toggle “Microsoft Defender Firewall” to Off and confirm “Yes” at the UAC prompt.
Windows 10 steps
- Open Start > Settings > Update & Security > Windows Security.
- Click “Firewall & network protection.”
- Select your active network profile.
- Toggle “Windows Defender Firewall” to Off and accept the prompt.
How to turn it back on
- Return to Windows Security > Firewall & network protection.
- Select the profile you disabled and toggle the firewall On.
Method 2: Turn off Windows Firewall via Control Panel
- Open Control Panel (View by: Large icons).
- Click “Windows Defender Firewall.”
- Select “Turn Windows Defender Firewall on or off” in the left pane.
- For each profile (Domain, Private, Public), choose “Turn off Windows Defender Firewall (not recommended).”
- Click OK to apply.
Use this method if the Windows Security UI is restricted or if you prefer classic Control Panel settings.
Method 3: Disable Firewall using Command Prompt (Admin)
Command-line control is ideal for scripts, remote sessions, or quick toggles. Run Command Prompt as Administrator.
REM Turn off Windows Firewall for all profiles
netsh advfirewall set allprofiles state off
REM Turn off only a specific profile
netsh advfirewall set domainprofile state off
netsh advfirewall set privateprofile state off
netsh advfirewall set publicprofile state off
REM Turn the firewall back on
netsh advfirewall set allprofiles state on
REM Check current status
netsh advfirewall show allprofilesNote: Disabling all profiles exposes your device on every network type. Prefer disabling only the profile you’re testing.
Method 4: Disable Firewall using PowerShell (Admin)
PowerShell provides granular control and is script-friendly. Run PowerShell as Administrator.
# Turn off Windows Firewall (all profiles)
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
# Turn off a specific profile only
Set-NetFirewallProfile -Profile Private -Enabled False
# Turn the firewall back on
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
# Check current state
Get-NetFirewallProfile | Select-Object Name, EnabledTip: PowerShell is better for automation, CI/CD workflows, or when standard UI options are disabled by policy.
Method 5: Using Group Policy (for IT/Admins)
- Press Win+R, type
gpedit.msc, and press Enter (Local Group Policy Editor). - Navigate to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Defender Firewall.
- Under “Domain Profile” and “Private Profile,” open “Windows Defender Firewall: Protect all network connections” and set to Disabled.
- Repeat for “Public Profile” if needed.
- Run
gpupdate /forcein CMD to apply.
In domain environments, use Group Policy Management Console (GPMC) to apply GPOs across OUs. Consider using security baselines and device compliance policies rather than fully disabling the firewall.
Safer alternative: Allow an app or port instead of turning the firewall off
Most connectivity problems do not require disabling the entire firewall. Whitelisting a specific executable or port keeps your system protected while permitting the traffic you need.
Allow an app through Windows Firewall
- Open Windows Security > Firewall & network protection.
- Click “Allow an app through firewall.”
- Click “Change settings” > “Allow another app…”
- Browse to the program’s .exe and add it.
- Select checkboxes for the networks it should use (Private and/or Public).
- Click OK.
Open a specific inbound port (advanced)
- Open Windows Defender Firewall in Control Panel.
- Click “Advanced settings” to launch Windows Defender Firewall with Advanced Security.
- Right-click “Inbound Rules” > “New Rule…”
- Choose “Port” > TCP or UDP > enter the port (for example, 25565 for Minecraft, 3306 for MySQL).
- Select “Allow the connection,” choose profiles, name the rule, and finish.
You can similarly create Outbound rules if the application initiates connections that are being blocked.
Choose the right profile to keep risk low
- Domain network: Used when joined to an Active Directory domain.
- Private network: For trusted home or office networks you designate as private.
- Public network: For cafes, airports, hotels—most restrictive for safety.
If you must disable the firewall, prefer doing it only on the specific profile you are connected to, and never leave the Public profile unprotected on untrusted networks.
Verify your firewall status
- Windows Security: Firewall & network protection shows On/Off per profile.
- Command Prompt:
netsh advfirewall show allprofiles - PowerShell:
Get-NetFirewallProfile | Select Name,Enabled
Troubleshooting: Can’t change firewall settings?
- Managed by your organization: Group Policy or MDM (Intune) may lock settings. Contact your IT admin.
- Third-party firewall/security suite: Some vendors disable Defender Firewall controls. Manage it in the vendor’s console or uninstall their firewall component.
- Windows Defender Firewall service stopped: Press Win+R >
services.msc> ensure “Microsoft Defender Firewall” is Running and Startup Type is Automatic. - Damaged policies or components: Run elevated Command Prompt commands:
sfc /scannowthenDISM /Online /Cleanup-Image /RestoreHealth. - Profile mismatch: You might be connected on a different profile than expected (e.g., Public). Check which profile is active before toggling.
Security best practices (from a hosting and network perspective)
- Disable only as a last resort and for the shortest time. Set a reminder to re-enable.
- Prefer allowing a specific app or port over disabling the entire firewall.
- Harden your device: keep Windows updated, enable SmartScreen, and use reputable DNS filtering.
- For local development: bind dev services to localhost (127.0.0.1) and open rules only on Private networks.
- For servers: rely on layered controls host firewall, cloud security groups, and a web application firewall.
Real world scenarios where disabling may be needed
- Diagnosing why a game server or P2P app can’t receive connections: briefly disable to confirm firewall involvement, then create a rule for the exact port.
- Testing a local web stack (e.g., Docker, WAMP, Node.js): open only the ports you need on the Private profile.
- VPN, RDP, or SSH connectivity issues: verify with a temporary disable, then craft specific inbound rules for the relevant ports.
- Enterprise rollouts: temporarily disable during controlled testing in a lab environment, not in production, and revert immediately.
Risks of turning off Windows Defender Firewall
- Unsolicited inbound traffic can reach your system, especially on Public networks.
- Malware and worms can spread more easily over LAN segments.
- Apps may transmit data without outbound restrictions if you removed them (advanced configs).
- Security compliance failures in corporate environments.
Mitigation: keep the firewall off only as long as necessary, stay on trusted networks, and monitor with a reputable endpoint security suite.
Command quick reference
:: CMD (Admin)
netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state on
netsh advfirewall set privateprofile state off
netsh advfirewall show allprofiles
# PowerShell (Admin)
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
Get-NetFirewallProfile | Select Name,EnabledFAQ’s – Turn off Firewall in Windows
Is it safe to turn off the Windows Firewall?
Not generally. It increases exposure to network attacks, especially on public Wi‑Fi. If you must disable it, do so briefly, on a trusted network, and re-enable immediately. Prefer allowing a specific app or port.
How do I turn off Firewall in Windows 11 quickly?
Go to Windows Security > Firewall & network protection > click your active network > toggle Microsoft Defender Firewall Off. Remember to turn it back on after testing.
What’s the CMD command to disable Windows Firewall?
Run Command Prompt as Administrator and use: netsh advfirewall set allprofiles state off. Turn it back on with: netsh advfirewall set allprofiles state on.
Can I disable the firewall for only one profile?
Yes. In Windows Security, toggle Off only for the active profile. Via CMD: netsh advfirewall set privateprofile state off (or domain/public). In PowerShell: Set-NetFirewallProfile -Profile Private -Enabled False.
How do I allow a program through the firewall instead?
Windows Security > Firewall & network protection > “Allow an app through firewall” > “Change settings” > “Allow another app…” > select the .exe > choose Private/Public > OK. For ports, use Advanced settings to create an inbound rule.
Does antivirus replace Windows Firewall?
No. Antivirus scans for malware; a firewall controls network traffic. Some security suites include their own firewall—if installed, manage rules within that suite and ensure only one active firewall runs at a time.
Why are my firewall settings locked with “Some settings are managed by your organization”?
Your device is governed by Group Policy or an MDM like Microsoft Intune. Contact your IT administrator or adjust settings in the organization’s management console if you have the rights.
Final Word
Turning off Firewall in Windows is sometimes necessary for troubleshooting, but the safest path is targeted rules and least-privilege changes. If your aim is to expose websites or apps securely to the internet, consider hosting them on a hardened server. YouStable can help with managed hosting, tuned firewall policies, and WAF protection—so you don’t have to compromise endpoint security on your PC.
