Opening required ports in Windows Defender Firewall

Services such as the HiveMQ broker commonly need specific ports, like 1883 and 8883, to be opened in Windows Defender Firewall. To allow traffic through these ports, you need to create inbound rules.

It's important to note that these ports only need to be opened if you require external access to the broker. If you are setting up the broker for development or testing purposes and are working on the same machine where the broker is installed, there is no need to open these ports externally.

Below, we’ll guide you through the process step by step. Ensure you have administrative privileges on your Windows Server to perform these tasks.

Open Windows Defender Firewall with Advanced Security

  • Press Win + R to open the Run dialog.

  • Type wf.msc and press Enter. This opens the Windows Defender Firewall with Advanced Security console.

Create a New Inbound Rule

  • In the left pane, click on Inbound Rules.

  • In the right pane, click on New Rule… to start the New Inbound Rule Wizard.

Configure Rule Type

  • Select Port as the type of rule and click Next.

Specify Ports

  • Choose TCP as the protocol.

  • Select Specific local ports. Enter 1883, 8883 in the field provided.

  • Click Next.

Allow the Connection

  • Choose Allow the connection as the action to take when a connection matches the rule.

  • Click Next.

Profile Specification

  • Choose when this rule applies (Domain, Private, Public). Check all that apply based on your network environment. For example, if the server is on a corporate network, you might select Domain and Private. For internet-facing servers, include Public.

  • Click Next.

Name and Describe the Rule

  1. Name the rule something descriptive, like “Allow HiveMQ MQTT Ports 1883 and 8883”.

  2. Optionally, add a description to remind you or inform others what the rule is for (e.g. “This rule allows inbound TCP connections on ports 1883 and 8883 for the HiveMQ MQTT broker. Port 1883 is used for non-TLS communication, while port 8883 is used for secure communication over TLS. The rule applies to the Domain and Private profiles to support both internal and external MQTT client connections.”)

  3. Click Finish.

After setting up the firewall rules, it’s a good idea to test the configuration to ensure that the HiveMQ broker services are reachable as expected.

By following these steps, you can configure Windows Defender Firewall to allow traffic on ports 1883 and 8883, so that MQTT clients can reach the HiveMQ broker on the ports it requires.


PowerShell

If you are comfortable using PowerShell on Windows Server, follow the steps below to create the same rule described in the instructions above.

To create a Windows Defender Firewall rule with PowerShell that allows traffic on TCP ports 1883 and 8883, use the New-NetFirewallRule cmdlet. This cmdlet creates inbound or outbound firewall rules in Windows. Here is a sample command that creates this rule.

New-NetFirewallRule -DisplayName "Allow HiveMQ MQTT Ports 1883 and 8883" -Direction Inbound -Protocol TCP -LocalPort 1883,8883 -Action Allow -Profile Domain, Private
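The paragraph above recommends testing the configuration once the rule exists. The following script is an added example, not part of the HiveMQ documentation, that verifies the rule created by the command above and then checks each port. It assumes the rule name matches the one used above and that the broker listeners for 1883 and 8883 are already enabled; $BrokerHost and $Ports are placeholders you adjust for your environment.

```powershell
# Added example (not from the HiveMQ documentation): verify the inbound rule created above
# and check that the broker is reachable on each port.
# Assumptions: the rule name matches the command above; the HiveMQ listeners are configured;
# $BrokerHost is "localhost" for a local check or the server name/IP for a remote check.

$RuleName   = "Allow HiveMQ MQTT Ports 1883 and 8883"
$BrokerHost = "localhost"          # placeholder: replace with the server's hostname or IP
$Ports      = @(1883, 8883)

# 1. Confirm the rule exists, is enabled, and carries the intended port/profile settings.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    Write-Warning "Firewall rule '$RuleName' was not found."
} else {
    $portFilter = $rule | Get-NetFirewallPortFilter
    [PSCustomObject]@{
        DisplayName = $rule.DisplayName
        Enabled     = $rule.Enabled
        Direction   = $rule.Direction
        Action      = $rule.Action
        Profile     = $rule.Profile
        Protocol    = $portFilter.Protocol
        LocalPort   = ($portFilter.LocalPort -join ",")
    } | Format-List
}

# 2. Check that a process is listening on each port locally; an allow rule does nothing
#    useful if the broker is not bound to the port.
foreach ($port in $Ports) {
    $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    if ($listener) {
        $owner = $listener.OwningProcess | Select-Object -First 1
        Write-Host "Port $port : listening (owning PID $owner)"
    } else {
        Write-Warning "Port $port : nothing is listening; check the HiveMQ listener configuration."
    }
}

# 3. Attempt a TCP handshake to each port. -InformationLevel Quiet makes the cmdlet
#    return only $true or $false instead of a detailed object.
foreach ($port in $Ports) {
    $ok = Test-NetConnection -ComputerName $BrokerHost -Port $port `
                             -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($ok) {
        Write-Host "TCP connection to ${BrokerHost}:$port succeeded"
    } else {
        Write-Warning "TCP connection to ${BrokerHost}:$port failed (firewall, listener, or network path)"
    }
}
```

Run the script in an elevated PowerShell session. A connection test from localhost confirms that the broker is listening but does not exercise the firewall rule, because loopback traffic is not filtered; to confirm the rule itself, run the Test-NetConnection step from a client machine on the network profile the rule was assigned to.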

Additional Ports

When setting up a HiveMQ broker, ensuring proper network configurations is essential for successful operation and connectivity. Here are some important ports that you typically need to open for a HiveMQ broker:

  1. 1883 - This is the default port for MQTT without SSL/TLS. It's the most common port for MQTT clients to connect to the broker.

  2. 8883 - This is the default port for MQTT over SSL/TLS. It's used for secure MQTT communications, which is critical for production environments to ensure data privacy and security.

  3. 8000 (optional) - Commonly used for WebSocket connections without SSL/TLS.

  4. 8080 (optional) - Commonly used for HiveMQ Control Center.

  5. 8888 (optional) - Suggested port for the HiveMQ REST API. This port is essential for managing the broker via the REST API, including administrative actions and querying broker metrics.

  6. 8889 (optional) - Suggested port for the HiveMQ Health API. This port allows for health checks and monitoring of the broker's status.
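The ports listed above fall into two groups: the client-facing MQTT and WebSocket listeners, and the management interfaces (Control Center, REST API, Health API). The script below is an added example, not part of the HiveMQ documentation, that creates one inbound rule per port under a shared rule group and limits the management ports to an administrative network using the RemoteAddress scope of New-NetFirewallRule. The port numbers are the ones listed above; $AdminSubnet is a placeholder that must be replaced with your real management network, and the rule names and the New-HiveMQRule helper are invented for this example.

```powershell
# Added example (not from the HiveMQ documentation): one inbound rule per HiveMQ port,
# grouped so the rules can be reviewed or removed together, with the management-only
# ports restricted to an administrative network.
# Assumptions: the ports match the listeners enabled in HiveMQ; $AdminSubnet is a placeholder.

$AdminSubnet = "192.0.2.0/24"   # PLACEHOLDER (documentation range): replace with your admin network
$Group       = "HiveMQ"

# Client-facing ports: reachable from any address on the Domain and Private profiles.
$ClientPorts = @(
    @{ Port = 1883; Name = "HiveMQ MQTT (no TLS)";   Description = "MQTT over plain TCP" },
    @{ Port = 8883; Name = "HiveMQ MQTT over TLS";   Description = "MQTT over TLS" },
    @{ Port = 8000; Name = "HiveMQ MQTT WebSocket";  Description = "MQTT over WebSocket without TLS (optional)" }
)

# Management ports: only the administrative network should reach these.
$AdminPorts = @(
    @{ Port = 8080; Name = "HiveMQ Control Center";  Description = "Web-based Control Center (optional)" },
    @{ Port = 8888; Name = "HiveMQ REST API";        Description = "REST API for administration and metrics (optional)" },
    @{ Port = 8889; Name = "HiveMQ Health API";      Description = "Health checks and monitoring (optional)" }
)

function New-HiveMQRule {
    param(
        [hashtable]$Spec,
        [string[]]$RemoteAddress = @("Any")
    )
    # Skip rules that already exist so the script is safe to re-run.
    if (Get-NetFirewallRule -DisplayName $Spec.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$($Spec.Name)' already exists, skipping."
        return
    }
    New-NetFirewallRule -DisplayName   $Spec.Name `
                        -Description   $Spec.Description `
                        -Group         $Group `
                        -Direction     Inbound `
                        -Protocol      TCP `
                        -LocalPort     $Spec.Port `
                        -RemoteAddress $RemoteAddress `
                        -Profile       Domain,Private `
                        -Action        Allow | Out-Null
    Write-Host "Created rule '$($Spec.Name)' for TCP port $($Spec.Port) from $($RemoteAddress -join ',')."
}

foreach ($spec in $ClientPorts) { New-HiveMQRule -Spec $spec }
foreach ($spec in $AdminPorts)  { New-HiveMQRule -Spec $spec -RemoteAddress @($AdminSubnet) }

# Review every rule in the group, including the address scope applied to each one.
Get-NetFirewallRule -Group $Group |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        [PSCustomObject]@{
            Rule          = $_.DisplayName
            LocalPort     = $pf.LocalPort
            RemoteAddress = ($af.RemoteAddress -join ",")
            Profile       = $_.Profile
            Enabled       = $_.Enabled
        }
    } | Format-Table -AutoSize
```

Run it in an elevated PowerShell session. Add Public to the -Profile value only for an internet-facing server, as the profile step above describes, and keep the management ports scoped to the administrative network in that case as well; since 1883 and 8000 carry traffic without TLS, prefer 8883 for clients that support it and consider narrowing RemoteAddress on the non-TLS rules to the networks your clients actually use.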