With Windows 10 and Server 2019, most needed firewall policies are already built in. Windows Firewall has been enabled by default since Windows XP sp2. But there can be times you should enhance the settings of the Windows firewall to better protect you from lateral movement and attackers. Building rules to binaries or executables, you should build rules based on the binary or executable, not the port. If you build a firewall rule using a port, that port remains open and exposes the system. This ensures that the firewall opens only when the. application is active.”]
Source: https://www.csoonline.com/article/3562743/how-to-optimize-windows-firewall-security.html