For a service on your Windows VPS (IIS site, game server, API) to be reachable from the internet, you usually need to allow the port in Windows Defender Firewall, in addition to any rules at your provider.
Before you start
- Connect via Remote Desktop: see Connect with RDP.
- Know the port number and protocol (TCP or UDP).
- Open only what you need (least privilege).
Method 1: GUI wizard
- Open Windows Defender Firewall with Advanced Security (wf.msc).
- Inbound Rules → New Rule…
- Port → TCP (or UDP) → Specific local ports: e.g. 80,443, or 8080.
- Allow the connection.
- Select profiles (Domain, Private, Public — on a VPS, Public is often required).
- Name it clearly, e.g. HTTP IIS 80.
Method 2: PowerShell (TCP 80 and 443)
Open PowerShell as Administrator:
```powershell
New-NetFirewallRule -DisplayName "HTTP TCP 80" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
New-NetFirewallRule -DisplayName "HTTPS TCP 443" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow
```
Custom port example:
```powershell
New-NetFirewallRule -DisplayName "MyApp TCP 5000" -Direction Inbound -Protocol TCP -LocalPort 5000 -Action Allow
```
Verify something is listening
```powershell
Get-NetTCPConnection -State Listen | Where-Object { $_.LocalPort -eq 80 }
```
Or:
```powershell
netstat -ano | findstr :80
```
Security reminders
- Opening a port exposes the service: keep it updated, use strong passwords, and use TLS for web traffic where possible.
- Confirm cloud security groups if traffic never reaches the VM.
Troubleshooting
- Still unreachable: ensure the app listens on 0.0.0.0 or the public interface, not only 127.0.0.1.
- RDP issues: do not remove system RDP rules; use provider console if locked out.
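The listening check, the loopback-binding check and the firewall rule check described above, combined into one read-only function, as an added example that is not part of the original article. Test-InboundPort is a hypothetical helper name; it covers TCP only and uses the built-in Get-NetTCPConnection, Get-NetFirewallRule and Get-NetFirewallPortFilter cmdlets. Run it in PowerShell as Administrator.

```powershell
# Added example. Test-InboundPort is a hypothetical helper name, not a built-in cmdlet.
function Test-InboundPort {
    param([Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port)

    # 1. Is anything listening on the port, and on which local addresses?
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    $addresses = @($listeners | ForEach-Object LocalAddress | Sort-Object -Unique)
    $external  = @($addresses | Where-Object { $_ -notin '127.0.0.1', '::1' })

    # 2. Which enabled inbound Allow rules cover this TCP port?
    #    Block rules take precedence over Allow rules and are not evaluated here.
    $matching = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -notin 'TCP', 'Any') { continue }
        $covers = $false
        foreach ($entry in @($filter.LocalPort)) {
            if ($entry -eq 'Any' -or $entry -eq "$Port") { $covers = $true }
            elseif ($entry -match '^(\d+)-(\d+)$') {
                # Port range such as 5000-5010
                if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { $covers = $true }
            }
            # Keyword entries (for example RPC) are skipped: they do not name a fixed port.
        }
        if ($covers) { '{0} [{1}]' -f $rule.DisplayName, $rule.Profile }
    }
    $matching = @($matching)

    # 3. Combine both checks into one verdict.
    $verdict = if ($listeners.Count -eq 0) {
        'Nothing is listening on this port.'
    } elseif ($external.Count -eq 0) {
        'Listening on loopback only; bind the app to 0.0.0.0 or the public interface.'
    } elseif ($matching.Count -eq 0) {
        'Listening, but no enabled inbound Allow rule covers this port.'
    } else {
        'Listening and allowed locally; if still unreachable, check provider rules.'
    }

    [pscustomobject]@{
        Port            = $Port
        ListenAddresses = $addresses
        AllowRules      = $matching
        Verdict         = $verdict
    }
}

Test-InboundPort -Port 80
```

The AllowRules column also shows each rule's profiles, which makes it easy to spot a rule that was created for Domain or Private only on a VPS that uses the Public profile.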