
Configure Windows netsh Firewall for MongoDB

On Windows Server systems, the netsh program provides methods for managing the Microsoft Windows Firewall. These firewall rules enable administrators to control which hosts can connect to the system, which limits risk exposure.

The Windows Firewall processes rules in an order determined by rule type. Rules are parsed in the following order:

  1. Windows service hardening 
  2. Connection security
  3. Authenticated bypass
  4. Block
  5. Allow
  6. Default

By default, the policy in Windows Firewall allows all outbound connections, and blocks all incoming connections. 


If you used the port configuration setting to configure different ports, modify the rules accordingly.

Allow traffic from the MyIT and Smart IT server to and from mongod.exe instances

This pattern is applicable to all mongod.exe instances running as stand-alone instances or as part of a replica set. The goal of this pattern is to explicitly allow traffic to the mongod.exe instance from the MyIT and Smart IT server.

netsh advfirewall firewall add rule name="Open mongod port 27017" dir=in action=allow protocol=TCP localport=27017

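This rule allows incoming traffic from any host to port 27017, which allows the MyIT and Smart IT server to connect to the mongod.exe instance. The rule does not limit the source address, so other hosts that can reach the system can also connect to this port.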

Windows Firewall also allows enabling network access for an entire application rather than to a specific port, as in the following example:

netsh advfirewall firewall add rule name="Allowing mongod" dir=in action=allow program="C:\mongodb\bin\mongod.exe"
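
Both rules above accept connections from any source address. The following added example (not part of the original page) replaces the open port rule with one limited to a single source by using the netsh `remoteip` parameter, then audits for rules that still expose mongod to any source. The address 192.0.2.10 and the scoped rule name are placeholders chosen for this example, and the audit step assumes the NetSecurity cmdlets available on Windows Server 2012 and later.

```powershell
# Added example; run from an elevated PowerShell prompt on the MongoDB host.
# ASSUMPTIONS: 192.0.2.10 is a placeholder for the MyIT and Smart IT server address,
# and the scoped rule name below is invented for this example.
$AppServerIp = '192.0.2.10'
$Port        = 27017
$ScopedRule  = 'mongod 27017 from MyIT and Smart IT'
$OpenRule    = 'Open mongod port 27017'   # any-source rule created earlier on this page

# 1. Add the source-restricted rule first so the application server stays connected.
netsh advfirewall firewall add rule name="$ScopedRule" dir=in action=allow `
    protocol=TCP localport=$Port remoteip=$AppServerIp
if ($LASTEXITCODE -ne 0) { throw "Could not add rule '$ScopedRule'" }

# 2. Remove the any-source port rule if it is present.
netsh advfirewall firewall show rule name="$OpenRule" | Out-Null
if ($LASTEXITCODE -eq 0) {
    netsh advfirewall firewall delete rule name="$OpenRule" protocol=tcp localport=$Port
}

# 3. Audit: report enabled inbound allow rules that still expose mongod to any
#    source, either by port or by program (such as the "Allowing mongod" rule).
#    Rules that specify a port range or LocalPort=Any are not matched by the port test.
$exposed = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $addr       = $_ | Get-NetFirewallAddressFilter
        $portFilter = $_ | Get-NetFirewallPortFilter
        $app        = $_ | Get-NetFirewallApplicationFilter
        $anySource  = $addr.RemoteAddress -contains 'Any'
        $hitsPort   = $portFilter.Protocol -eq 'TCP' -and $portFilter.LocalPort -contains "$Port"
        $hitsApp    = $app.Program -like '*\mongod.exe'
        if ($anySource -and ($hitsPort -or $hitsApp)) {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                LocalPort = $portFilter.LocalPort -join ','
                Program   = $app.Program
            }
        }
    }

if ($exposed) {
    Write-Warning "Rules still allowing any source to reach mongod:"
    $exposed | Format-Table -AutoSize
} else {
    Write-Output "No any-source inbound allow rule for mongod found."
}
```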

Manage and maintain Windows Firewall configurations

This section contains a number of basic operations for managing and using netsh. While you can use the graphical interface to manage Windows Firewall, all core functionality is accessible from netsh.

Delete all Windows Firewall rules

netsh advfirewall firewall delete rule name="Open mongod port 27017" protocol=tcp localport=27017

netsh advfirewall firewall delete rule name="Open mongod shard port 27018" protocol=tcp localport=27018

These commands delete the firewall rules that allow mongod.exe traffic.

List all Windows Firewall rules

netsh advfirewall firewall show rule name=all

Return a list of all Windows Firewall rules.

Reset Windows Firewall

netsh advfirewall reset

Reset the Windows Firewall rules.

Back up and restore Windows Firewall rules

netsh advfirewall export "C:\path\MongoDBfw.wfw"

netsh advfirewall import "C:\path\MongoDBfw.wfw"

To simplify administration of a larger collection of systems, you can export or import Windows Firewall rules (from different servers).

Replace path with the directory of your choice.
