Skip to main content

Cornell University

Firewall Rules on Windows Managed Servers

Firewall rules for managed windows servers, defaults, best practices, IP ranges, and how to get assistance. 

This article applies to: Managed Servers

In This Article

Rules Hierarchy

Firewall rules are based on the following hierarchy.

  • Department rules: Apply to all projects and servers. Example: Windows RDP open to campus (TCP 3389).
  • Project rules: Apply to all servers. Example: Web ports to the world (TCP 80 and 443).
  • Server specific rules: Apply to individual servers. Example: Management rules for my application (such as TCP Port 8443).

Cornell IP Ranges

Firewall rules are based on IP addresses. Cornell has the following IP ranges:


Default Configuration

  • Default outbound: All outbound traffic is allowed.**In the Extra Tier, to increase security, outbound traffic is determined on an as-needed basis.
  • Default inbound: All traffic is denied. Standardized rules are defined to allow things such as monitoring, backups, inventory, and others.

When the server is initially configured, all department and project rules are automatically applied.  (There are no server-specific rules by default.) 

Best Practices

  • Set rules that are as restrictive as possible, while still being functional.
  • After you change firewall rules, test the new configuration.

Apply Firewall Rules to a Server


  • Do not attempt to disable the Windows firewall service. This will drop all connections to the host, requiring a sysadmin to intervene to remedy the problem
  • Denies override all allows. This means setting a deny may accidentally block traffic necessary for monitoring and managing your server. Systems Support recommends that you only set allows.
  • Server specific rules: Feel free to apply the rules yourself. You'll need administrative access.
  • Department and Project rules: Send an email to

If you need assistance:


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.