Believe it or not but the Windows Host firewall does not log by default.
Some of you may not even have it enabled, but you really should. Security in depth right? If anyone believes differently please hit me up on Twitter, always happy to debate, and be educated if better practice exists.
“How do you enable firewall logging then?” I hear you shout! Well it’s actually very easy.
Let’s jump straight in. Open Windows Firewall With Advanced Security, then select “Properties” from the right-hand side of the page.
You can see from the top tab that “Domain Profile” is the active tab. If you are not sure which profile you are using you can enable for all profiles. We are using Domain so we select “Specify logging settings for troubleshooting”
Enable both options as shown below, and note the default location for the log file. Simply copy the path so you can create a shortcut or create a new folder somewhere else which is easier to find.
Click “OK” to save and that’s it.
We will look at how we use this Firewall Log in future blogs.