GPO: Managing Windows Firewall Rules


Windows Server 2019

Presentation

In this tutorial, we will see how to add rules to the Windows Firewall using Group Policy.

For information, the Windows Firewall has been implemented in the Windows operating system with service pack 2 (SP2) of Windows XP. It is now part of the system and some functionalities like DirectAccess requires that it be enabled to work.

In many organizations, system administrators tend to disable the GPO firewall to prevent application blocking.

What I propose to see in this tutorial is to create a policy that will allow all traffic on the domain profile instead of disabling the firewall.

This type of rule remains dangerous, it is advisable to allow only legitimate traffic on your network

By default, the Windows firewall passes all outgoing connections unless a blocking rule is configured. Normally only the rules of incoming traffic are to be configured (RDP, VNC …)

Configuring Group Policy (GPO)

From the Group Policy Management console, right-click at the location where the policy is to be applied and click Create GPO in this domain and link it here 1 .

New strategy

Name the strategy 1 and click OK 2.

name the strategy

Right click on the 1 strategy and click on Edit 2 .

Edit strategy

In the Group Policy Editor, go to the following location: Computer Configuration / Policies / Windows Settings / Security Settings / Windows Firewall with Advanced Security Features.

Strategy editor

Right-click on Incoming Traffic Rule 1 then click on New rule 2 .

Add in rule

Choose the Custom rule type 1 and click Next 2 .

Select rule type

Select All Programs 1 then click Next 2 .

All programs

Protocol type, choose All 1 and click Next 2 .

Allow all protocol

Scope configuration, choose Any IP address 1 and click Next 2 .

Scope

Configure the action of the rule, choose Allow connection 1 then click on Next 2 .

Select action

Select the profile, here to limit the risks the rule will only be applied if the computer is connected to the domain of the company, choose Domain 1 and click Next 2 .

Choose profil

Name 1 the rule and click Finish 2 .

Name rule

The rule has been added to the policy.

firewall rule added

If necessary do the same for outgoing traffic. By default, outbound traffic is not blocked.

Go to a computer in the domain where the policy applies, if necessary make a gpupdate and check that the rule is present in the rules of incoming traffic.

Client rule

Conclusion

In an environment where an Active Directory domain, the Windows Firewall configuration can be done by group policies and making its administration easy.

Now that you know how to create a rule, I invite you to re-enable the firewall on computers to regain control.

If a day needs to block a port on the entire park a rule in a group policy and it’s done.




Leave a Comment