Windows Security Center informed me that WFW isn't running, but it couldn't start it. Event log shows ID 7024 with error code 0x5. Googling around led me to this thread, which towards the end suggested KB 943996. Basically the KB suggested to check permissions for account "NT Service\MpsSvc" on several registry keys. This first key I checked and corrected was
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch (needs Query Key and Set Value permission),
and then the Firewall started!
How did that permission got lost?
By the way, still don't know what is the NT Service\MpsSvc account. You have to search that exact name to turn it up on the permission setup screen.