Use an integrated firewall - If possible, choose an antivirus with built-in firewall module. This approach has two advantages. An integrated firewall uses the same resources of the AV engine and thus consumes fewer resources than separate firewall software. The second advantage is the absence of any conflict with the existing antivirus software on your system. Nowadays a lot of popular antivirus software comes with an integrated firewall system and you can choose from one of your preferred brands.
Do not alter default filtering rules - Sometimes ignorant users try to change the default set of filtering rules applied by the firewall at the time of the installation. You should never try to change these default settings as it may risk opening an unguarded port on the PC. If you ever need to create a custom rule, you should start with an empty template and should build upon it to avoid any kind of inadvertent damage or change to the default filtering engine.
Always keep auto-filter creation prompts active - Smart firewalls have a unique option of user-assisted automated creation of filtering rules. This generally starts with a prompt asking the user to allow and add a new connection request from a new service or software. You must keep this option enabled to help building your filtering engine in auto-mode. Make sure you carefully read the details on the prompt whenever a new rule is added to the firewall in this fashion.
Put all daily usage applications in the white-list - An avid internet user uses some of the applications almost on the daily basis, e.g. - a web browser. You must keep all these applications in the firewall's white-list so that data exchange is smooth and you're not prompted to allow a connection between these applications again and again. This is a one-time activity that builds your white-list with the most trusted applications.
Ensure all commonly used ports are safeguarded - Hackers often use port scanning and socket-based connections to launch attacks on the computer. You must ensure that all the commonly used ports are under your firewall's surveillance. This prevents any kind of suspicious connection requests coming from unknown sources.
Never keep your firewall in silent mode - Some firewalls gives you an option to switch to a silent mode such that no prompt or activity is shown while dealing with suspicious incoming or outgoing connections. You should never switch to this mode as you may not know what's happening behind the scenes. This can create a filtering rule for a legitimate connection without your knowledge which can lead to a big confusion.
Disconnect internet while temporarily stopping your firewall - Although this is very elementary, still, some users do not pay attention to this extremely important precaution while temporarily turning-off their firewall for different reasons. You never know a piece of malware may take advantage of an unguarded situation and may assist in launching an attack on your system in such circumstances. Always ensure you're completely halting your internet connection whenever your firewall is switched-off.
Prune your custom filters library every 3 to 6 months - Power users who frequently create custom filtering rules must audit their filters list at least once every six months. This audit involves deletion of unused or irrelevant filters and tweaking of existing filters. This keeps your filtering engine in a good condition and gives you better protection removing the junk out of the system. This tweaking and cleaning process must be completed while your internet connection is disabled.
Keep a check on firewall's resource consumption - All good firewalls have very low resource consumption. You must check your firewall's resource consumption during the peak hours on a random basis. If it's continuously alarmingly high, then you must think about using some other solution. Randomly checking resource consumption is a handy method to assess the efficiency and effectiveness of your firewall which cannot be traced or tracked by antivirus software.
Always keep your firewall updated to the latest version - This applies to almost any software installed on your system. Sometimes, failing to update your security software leads to infected system despite taking all the precautions. This becomes more important if the vulnerability is found in a specific version and a patch is released by the company in the form of an update. Always keep the auto-update option on and check the status at least once a month.