How to Configure Windows Firewall Rules with PowerShell
WINDOWS SERVER


SKYLINE Knowledge Base

A field-tested, step-by-step guide to configuring Windows Firewall rules with PowerShell: prerequisites, the actual commands, verification, and links to related Windows Server topics.

Windows Defender Firewall is built into every Windows Server install and is on by default. The GUI (wf.msc) is fine for one-off changes; PowerShell is the only sane way to do it repeatably.

Prerequisites

  • Windows Server 2019 / 2022 with an administrator account.
  • A PowerShell session running as administrator.

Step 1: Confirm the firewall is on

Get-NetFirewallProfile | Format-Table Name, Enabled

All three profiles (Domain, Private, Public) should report True. If not:

Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

Step 2: Create allow and block rules

Allow HTTPS to a web server:

New-NetFirewallRule `
    -DisplayName "HTTPS Inbound" `
    -Direction Inbound `
    -Action Allow `
    -Protocol TCP `
    -LocalPort 443 `
    -Profile Any

Allow RDP from a single subnet only:

New-NetFirewallRule `
    -DisplayName "RDP from corp subnet" `
    -Direction Inbound `
    -Action Allow `
    -Protocol TCP `
    -LocalPort 3389 `
    -RemoteAddress 10.0.10.0/24

Block an outbound destination (firewall rules match IP addresses, not DNS names, so the host is expressed as its resolved address):

New-NetFirewallRule `
    -DisplayName "Block bad.example.com out" `
    -Direction Outbound `
    -Action Block `
    -RemoteAddress 203.0.113.55/32

Step 3: List and inspect rules

# All rules
Get-NetFirewallRule | Where-Object Enabled -eq True | Sort-Object Direction

# Just one
Get-NetFirewallRule -DisplayName "HTTPS Inbound"

# Rule + its port + address detail
$r = Get-NetFirewallRule -DisplayName "HTTPS Inbound"
$r | Get-NetFirewallPortFilter
$r | Get-NetFirewallAddressFilter

Step 4: Modify an existing rule

Set-NetFirewallRule -DisplayName "HTTPS Inbound" -RemoteAddress 10.0.0.0/8
Disable-NetFirewallRule -DisplayName "HTTPS Inbound"
Enable-NetFirewallRule  -DisplayName "HTTPS Inbound"

Step 5: Delete a rule

Remove-NetFirewallRule -DisplayName "HTTPS Inbound"

For a clean slate (lab only — do not run on production):

Get-NetFirewallRule | Where-Object DisplayName -like "Test*" | Remove-NetFirewallRule

Step 6: Enable firewall logging

Useful when a connection should work but doesn't. Logging is configured per profile; the command below turns it on for Public only, so pass Domain,Private,Public to -Profile if you want all three:

Set-NetFirewallProfile -Profile Public `
    -LogAllowed True -LogBlocked True -LogIgnored True `
    -LogFileName "%systemroot%\system32\LogFiles\Firewall\pfirewall.log" `
    -LogMaxSizeKilobytes 8192

Get-Content "$env:windir\system32\LogFiles\Firewall\pfirewall.log" -Tail 30 -Wait

Verify

Test-NetConnection www.example.sa -Port 443
Get-NetTCPConnection -State Listen | Sort-Object LocalPort
Get-NetFirewallRule -Enabled True | Measure-Object

Conclusion

PowerShell rules are scriptable, source-controllable, and idempotent — three properties the GUI cannot give you. For repeatable lab/production roll-outs, build a firewall.ps1 and check it into git alongside the Windows DSC.
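One way to turn Steps 2 through 5 into the re-runnable firewall.ps1 the conclusion recommends, as an added example and not code from the original guide: New-NetFirewallRule does not check whether a rule with the same DisplayName already exists, so a plain script run twice leaves duplicate rules. This version gives each rule a fixed Name (the unique rule ID; the Corp-* names are assumed) and converges an existing rule with Set-NetFirewallRule instead of recreating it.

```powershell
#Requires -RunAsAdministrator
# firewall.ps1 (assumed file name): declare the rules from this guide as data
# and apply them so the script is safe to run repeatedly.
$Rules = @(
    @{ Name = 'Corp-HTTPS-In';  DisplayName = 'HTTPS Inbound'
       Direction = 'Inbound';  Action = 'Allow'; Protocol = 'TCP'
       LocalPort = 443;        RemoteAddress = 'Any' }
    @{ Name = 'Corp-RDP-In';    DisplayName = 'RDP from corp subnet'
       Direction = 'Inbound';  Action = 'Allow'; Protocol = 'TCP'
       LocalPort = 3389;       RemoteAddress = '10.0.10.0/24' }
    @{ Name = 'Corp-Block-Out'; DisplayName = 'Block bad.example.com out'
       Direction = 'Outbound'; Action = 'Block'; Protocol = 'Any'
       LocalPort = 'Any';      RemoteAddress = '203.0.113.55/32' }
)

foreach ($rule in $Rules) {
    # Look the rule up by its unique Name, not by DisplayName, which may repeat.
    $existing = Get-NetFirewallRule -Name $rule.Name -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        # Splat the declared properties straight into New-NetFirewallRule.
        New-NetFirewallRule @rule -Enabled True | Out-Null
        Write-Host "created  $($rule.DisplayName)"
    }
    else {
        # Converge the existing rule to the declared state instead of duplicating it.
        # -Name selects the rule here, so the display name goes via -NewDisplayName.
        Set-NetFirewallRule -Name $rule.Name -NewDisplayName $rule.DisplayName `
            -Direction $rule.Direction -Action $rule.Action -Protocol $rule.Protocol `
            -LocalPort $rule.LocalPort -RemoteAddress $rule.RemoteAddress -Enabled True
        Write-Host "updated  $($rule.DisplayName)"
    }
}

# Verify: every declared rule is present and enabled.
Get-NetFirewallRule -Name $Rules.Name |
    Select-Object Name, DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize
```

Running the script a second time prints "updated" for every rule and leaves exactly one rule per Name, which is the property the conclusion is after.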

SKYLINE Engineering

@skyline

The engineering team at SKYLINE Industrial Solutions. We publish field-tested guides drawn from real KSA and GCC deployments.
