
It’s a dangerous and distracting internet out there. Hackers are a threat to us all, not just big corporations and government networks. And the web offers a seemingly limitless supply of harmful and time-sucking content that you probably don’t want your network users to see.

A firewall is a really effective answer to these problems. And luckily for you, you probably already have one built into your operating system or internet router. Here’s how to set it up.

Hardware and software firewalls

Broadly speaking, there are two kinds of firewall at your disposal.

Hardware firewalls/Router based firewall – The firewall in your internet router is a hardware firewall: it’s a dedicated device. Because it sits on the gateway between the internet and your whole network, the traffic it filters is usually blocked for everyone. That makes it ideal for setting network-wide filter rules. It’s more efficient and easier to manage than using separate firewalls for each computer too. With one device filtering traffic at your main gateway, you can save computing power and simplify your security policy.

Software firewalls – The firewalls built into Windows and OS X are, of course, software. You can also get third-party firewall software like Comodo and Firewall. These firewalls can only filter traffic to and from the computer they’re installed on.

By using a combination of hardware and software firewalls at each of your network’s gateways, you can build a security policy that looks after your whole network and specific computers.

Setting up your router’s firewall

Your router’s firewall is usually controlled from your browser via a web interface. Check your router’s documentation on how to access it.

Typical features you might want to use include:

Setting security levels – Most router firewalls come with a selection of security levels. As standard, the firewall might block all unsolicited incoming connections, since these are likely to be malicious. You can choose higher or lower security levels according to your needs, and then customize them with additional rules.

Port forwarding – If you use internet services that make incoming connections, then you’ll need to find out the port numbers used by those services and “port forward” them. Typical examples include online games and p2p sharing services.

Address filtering – Block access to specific websites for all of your network users, by creating a list of the domain names you want to filter.

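The DMZ – The “demilitarized zone” is an area outside of the firewall that you can assign one or more devices to. Everything in the DMZ can send and receive anything over the network, which means the router’s firewall does not filter unsolicited incoming connections to those devices.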
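The features above can be read as an ordered decision the router makes for each incoming packet. The sketch below is an added example, not code from the original page or from any router vendor; the class and function names, IP addresses and port numbers are constructed, and it assumes the router keeps the same port number on both sides (no port rewriting).

```python
class RouterFirewall:
    """Toy model of a home router's filtering decision (constructed for
    illustration; real routers also rewrite ports and expire idle flows)."""

    def __init__(self, port_forwards=None, dmz_host=None, blocked_domains=()):
        self.port_forwards = port_forwards or {}  # (proto, wan_port) -> (lan_ip, lan_port)
        self.dmz_host = dmz_host                  # LAN IP placed in the DMZ, or None
        self.blocked_domains = {d.lower() for d in blocked_domains}
        self.flows = set()                        # connections opened from inside the LAN

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, proto="tcp", domain=None):
        # Address filtering: match the listed domain and any of its subdomains.
        name = (domain or "").lower().rstrip(".")
        if any(name == d or name.endswith("." + d) for d in self.blocked_domains):
            return ("drop", "address filter")
        self.flows.add((proto, lan_ip, lan_port, remote_ip, remote_port))
        return ("allow", "outbound")

    def inbound(self, remote_ip, remote_port, wan_port, proto="tcp"):
        # 1. Replies to a connection a LAN host opened are solicited traffic.
        for p, lan_ip, lan_port, r_ip, r_port in self.flows:
            if (p, lan_port, r_ip, r_port) == (proto, wan_port, remote_ip, remote_port):
                return ("allow", f"established -> {lan_ip}:{lan_port}")
        # 2. A port forward exposes exactly one port on one host.
        if (proto, wan_port) in self.port_forwards:
            lan_ip, lan_port = self.port_forwards[(proto, wan_port)]
            return ("allow", f"port forward -> {lan_ip}:{lan_port}")
        # 3. A DMZ host receives everything no earlier rule claimed.
        if self.dmz_host:
            return ("allow", f"dmz -> {self.dmz_host}:{wan_port}")
        # 4. Default: unsolicited incoming connections are dropped.
        return ("drop", "unsolicited inbound")


def exposed_ports(fw, candidate_ports, proto="tcp"):
    """Ports an arbitrary internet host (203.0.113.9, constructed) can reach."""
    return [p for p in candidate_ports
            if fw.inbound("203.0.113.9", 40000, p, proto)[0] == "allow"]


if __name__ == "__main__":
    ports = [22, 80, 445, 51413]  # constructed sample ports
    forward_only = RouterFirewall(port_forwards={("tcp", 51413): ("192.168.1.20", 51413)})
    dmz = RouterFirewall(dmz_host="192.168.1.30")
    print("port forward exposes:", exposed_ports(forward_only, ports))
    print("DMZ exposes:", exposed_ports(dmz, ports))
```

Comparing the two results shows why a port forward is the narrower choice: it opens one port on one device, while a DMZ assignment opens every port on that device.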

Setting up your computer’s firewall

Windows, Mac OS X, and other modern desktop operating systems come equipped with application-layer software firewalls. Like hardware firewalls, they include standard security settings that offer basic protection against hackers and viruses.

Because these are application-layer firewalls, you can also use them to set rules for specific programs on your computer. When a new application tries to use the internet for the first time, your OS’s firewall may prompt you to allow or deny access.

However, if you’re a basic user, remember that you don’t have to change the default settings!

Configuring Windows Firewall

  1.   Swipe right or point top-right and search “firewall,” then open Windows Firewall
  2.   Use the option on the left to turn Windows Firewall on or off
  3.   Set permissions for specific programs with the option “Allow an app or feature through Windows Firewall,” again on the left
  4.   To open ports and set rules, choose Advanced Settings, then Inbound Rules or Outbound Rules, then “New Rule…” in the right pane. A wizard will take you through the process.

Configuring OS X’s application firewall

  1.   Choose System Preferences from the Apple menu, then Security. Click the Firewall tab and then “Turn on Firewall” to enable the firewall.
  2.   Click Advanced Settings to customize the firewall
  3.   Choose “Block all incoming connections” to prevent sharing services from receiving incoming connections
  4.   Click the Add Application (+) button to allow incoming connections for specific applications. Apps can be denied access with the Remove App (-) button.

Now you’re ready to set up your firewall(s) to prevent malicious connections, block network-wide access to harmful websites, open ports needed by your favorite services, and control individual applications’ internet access. For more detailed information, check your firewall’s documentation or help pages.



15 thoughts on “How to Set Up Your Firewall”

  1. Same problem & complaint as with Glen:
    I too bought ExpVPN to get anonymized torrent flow (iMac27″ 2015, macOS 10.14).

    ON ExpVPN => BLOCKED Transmission, its Peer Listening Port closed
    OFF ExpVPN => FLOWING Transmission, its Peer Listening Port open

    I set up my Fios router firewall to open a port, same port as set in Transmission – no change to ExpVPN blocking Transmission.

    Bug in ExpVPN?
    or am I mis-configuring ExpVPN, Transmission, macOS Firewall?

    IS there a torrent app that DOES work with ExpVPN on?

    1. Hi Richard! ExpressVPN will always close all incoming connections, partly for your security and partly because there are hundreds of users sharing the same IP (which improves privacy). We currently do not offer port forwarding.

  2. One reason I got ExpressVPN was to avoid hassles while torrenting. Now I find that my bittorrent port is closed, so the torrenting experience is very poor.

    On top of that I now see that e.g. @Lexie says “no plans to implement port forwarding”. If this is not rectified by the time my subscription runs out, I will be looking elsewhere for a VPN that does allow port forwarding.

    — A Paying Customer —

    1. The result is the same, but the real issue is that ExpressVPN apparently does not even allow normal port pass through if initiated from the outside. Port forwarding would be nice, but disallowing simple externally initiated port pass through goes against a very large use case (torrenting).

      The torrent port is generally configurable, so it isn’t a large issue like everyone wanting to use port 80 for http. Just require users to maintain a list of ports they want passed through (with outside initiation), with the knowledge that unusual port numbers cause less conflicts.

  3. Under the Network tab of the Express VPN router firmware there are settings for the Firewall. A sub-category under there is for Port Forwards, which is described as follows: “Port forwarding allows remote computers on the Internet to connect to a specific computer or service within the private LAN”. I’ve tried to set this up to allow basic port forwarding on my computer running Windows Server 2012 R2 and a Plex server. However, I’ve had no luck. Any instructions on how to do this would be greatly appreciated. Thanks!

    1. Without knowing (really anything) about your setup, perhaps I could suggest to you and anyone else reading these comments about the wealth of knowledge contained at:

      Their resources are extensive and hardware specific. Where there is a will, there is a way, or perhaps a hack at any rate. Good luck, wish I had more to offer.

  4. You mention Port Forwarding in the article. I can port forward just fine without ExpressVPN using my LAN IP, but as soon as I activate ExpressVPN all of those ports fail. Do I need to daisy chain to an additional remote ExpressVPN port? If so, where do I get that configuration information?

    1. Raven Lord – I have the same issue. I run WinSSHD on a server to accept incoming tunnels to my local network (a DIY VPN to my home network). When ExpressVPN is turned on on the machine running WinSSHD, all ports are locked out. So, can’t have ExpressVPN on and be accepting incoming tunnel connections.

      Curious if there is a way to allow both to work at the same time.

        1. Hello. You said express VPN does not support port forwarding now. Just curious if it is going to be added at some point.

          1. At the current moment, there are no plans to implement port forwarding. All the best!

  5. While using Transmission on my Mac, I cannot get anything downloaded. Once I turn off Express VPN I can download. The whole point of EVPN is to hide my online activity. How do I set this up to work right? I have EVPN on a Mac using El Capitan and an Apple Extreme router. The firewall has EVPN and Transmission on the “allow” list. Do I “port forward?” If so, how do I set it up? Please help…

    1. That sounds like a bug that we’d want to investigate. It would be very helpful if you could write Support with as much information as possible (version numbers etc). You should receive a reply quickly, and we will follow up with you once the bug is fixed.
      Thank you so much for your help!

  6. When I check the VPN Express to see if all my ports are protected or stealthed I show port 80 is always open. What effect does that have on me using VPN Express to protect me?

    1. Hi Doug,
      When connected to ExpressVPN and conducting a port scan, you are scanning the ports on the ExpressVPN servers. Many customers are connected to the same IP address at the same time to increase your anonymity. Open ports are used for a few things by us, such as controlling the server, tests, or APIs. No open port ever compromises user security, and no unsolicited traffic is forwarded to our users. When using ExpressVPN, your firewall is always up.
