In this article you can see how to enable audit logging for Windows Firewall with Advanced Security.
Windows Firewall with Advanced Security can log firewall activity such as dropped packets or successful connections. By default the firewall log is: %windir%\system32\logfiles\firewall\pfirewall.log
You can configure firewall logging by using Group Policy if desired. But what if you want to collect more detailed logging of firewall activity such as kernel mode connections/drops and other filtering activity? You can do this by enabling Windows Filtering Platform (WFP) audit logging as follows:
Auditpol /set /category:”System” /SubCategory:”Filtering Platform Packet Drop” /success:enable /failure:enable
Auditpol /set /category:”System” /SubCategory:”Filtering Platform Connection” /success:enable /failure:enable
Note that this form of logging may be very verbose, so be careful when enabling this on a computer in your production environment.