How to Check Results in Windows Firewall
Windows Defender Firewall controls inbound and outbound network traffic on Windows 10 and Windows 11, but it does not show a simple “results” screen by default.
To see what happened, you need to review firewall logs, Event Viewer entries, and the status of firewall rules and profiles.
This guide explains how to check results in Windows Firewall, what each source tells you, and how to use that information to troubleshoot blocked connections, missing app access, and policy conflicts.
What “results” means in Windows Firewall
When people ask how to check results in Windows Firewall, they usually mean one of three things:
- Whether traffic was allowed or blocked
- Which rule or policy affected the connection
- Why an app, port, or service is not working on the network
Windows Firewall uses the Windows Filtering Platform, firewall profiles, and rule processing to make decisions.
The most useful evidence comes from the firewall log file, Event Viewer, and the currently active rules for Domain, Private, and Public profiles.
Check the firewall status first
Before reviewing logs, confirm that the correct firewall profile is active.
A device can behave differently on a corporate domain network than on a home Wi‑Fi connection.
How to view firewall status in Windows Security
- Open Start and search for Windows Security.
- Select Firewall & network protection.
- Review the active profiles: Domain network, Private network, and Public network.
Each profile can have different rules.
If a connection works on a private network but fails on a public network, the firewall profile is likely part of the reason.
Use Windows Defender Firewall logging
The firewall log is the most direct way to check results in Windows Firewall.
It records packets that were dropped and, if enabled, packets that were allowed.
Enable logging in advanced settings
- Open Windows Security and go to Firewall & network protection.
- Choose Advanced settings to open Windows Defender Firewall with Advanced Security.
- In the left pane, select Windows Defender Firewall with Advanced Security on Local Computer.
- Open Properties.
- For each profile, open Logging and confirm the log path and options.
- Set Log dropped packets to Yes.
- Optionally set Log successful connections to Yes for deeper analysis.
The default log file is commonly stored in C:\Windows\System32\LogFiles\Firewall\pfirewall.log, though the path can be changed per profile.
How to read the firewall log
Open the log in Notepad or another text editor.
The file contains headers and entries that include date, time, action, protocol, source and destination IP addresses, ports, and sometimes the reason for the drop.
Common indicators include:
- DROP: The packet was blocked
- ALLOW: The packet was allowed, if successful connection logging is enabled
- TCP or UDP: The protocol in use
- SRC and DST: Source and destination addresses
- PORT: The network port involved
If you are testing access to a website, server, or app and see repeated DROP entries for the destination port, Windows Firewall or a related policy is likely blocking the traffic.
Check firewall events in Event Viewer
Event Viewer is useful when you want to see system-level firewall activity, policy application, and rule changes.
It provides context that the raw log file does not always include.
Open the relevant log channels
- Press Win + R, type
eventvwr.msc, and press Enter. - Expand Applications and Services Logs.
- Browse to Microsoft > Windows.
- Look for logs such as Windows Firewall With Advanced Security and related security channels.
Focus on events that match the time of your network issue.
Useful entries may show policy changes, rule application failures, or communication blocked by the firewall subsystem.
What to look for in Event Viewer
- Rule changes made by local policy, Group Policy, or management tools
- Profile changes when the network switches from Private to Public
- Filtering events tied to blocked inbound or outbound traffic
- Error events indicating that a service, app, or rule could not load correctly
If the firewall log shows drops but Event Viewer shows a recent policy update, the issue may be coming from Group Policy, Microsoft Intune, or endpoint security software rather than a manual rule.
Review active firewall rules
Another important part of checking results in Windows Firewall is verifying which rules exist and whether they are enabled.
A rule may be present but disabled, scoped to the wrong profile, or limited to a different port or program.
How to inspect rules in Advanced Security
- Open Windows Defender Firewall with Advanced Security.
- Select Inbound Rules or Outbound Rules.
- Find the rule related to the app, service, or port.
- Check whether Enabled is set to Yes.
- Review Action, Profile, Protocol, Local Port, and Program.
For example, an inbound rule for Remote Desktop Protocol should typically allow TCP port 3389 and apply to the correct profile.
If the rule only applies to Private networks but the PC is on Public, the connection may still fail.
Use PowerShell to check firewall results faster
PowerShell is often the fastest way to inspect firewall configuration and rule status.
It is especially helpful on Windows Server and managed endpoints.
Useful PowerShell commands
Get-NetFirewallProfileto view profile settingsGet-NetFirewallRuleto list firewall rulesGet-NetFirewallPortFilterto inspect port-based rulesGet-NetFirewallApplicationFilterto inspect program-based rules
You can also filter by display name to find a specific rule quickly.
This helps confirm whether a rule is enabled, which profiles it affects, and whether it is an allow or block rule.
Match the log entry to the traffic you tested
To get meaningful results, test one connection at a time and then check the log immediately afterward.
Use a browser, ping, telnet, Test-NetConnection, or the application itself, depending on what you are diagnosing.
Best practices for clean testing
- Note the exact time of the test
- Test one port or app at a time
- Use the same network profile during the test
- Temporarily avoid unrelated VPN or proxy changes
If you see no matching log entry, the traffic may not be reaching Windows Firewall at all, or logging may be disabled for the active profile.
If you see a DROP entry with the expected destination IP and port, you have a strong indicator that the firewall is the blocker.
Common reasons Windows Firewall blocks traffic
Understanding the cause helps you interpret the results correctly.
The most common reasons are:
- The rule exists but is disabled
- The rule applies to the wrong profile
- The app is not covered by the program path in the rule
- The port number is incorrect
- A higher-priority block rule overrides an allow rule
- Group Policy or MDM settings enforce stricter rules
- Another security product filters the traffic before Windows Firewall
Windows Firewall uses rule precedence and profile scope, so the presence of an allow rule does not guarantee access if another rule or policy is more specific.
When to reset or troubleshoot further
If the firewall log, Event Viewer, and rule review still do not explain the issue, check for network adapter problems, DNS failures, VPN filtering, or third-party endpoint protection.
You can also use built-in troubleshooting tools and packet capture utilities such as Microsoft Message Analyzer alternatives, Wireshark, or netsh trace for deeper analysis.
For managed environments, compare the local policy with domain policy, Intune configuration, and any baseline security templates.
That is often where the real answer appears when local settings look correct but traffic still fails.