AhmedSHMK
Brass Contributor
Nov 11, 2024

Firewall Off despite policy being enabled

In Firewall and network protection, it says Firewall is off for all network types. However, it should be on. Is this normal/expected?

However, in Sec. providers, Firewall is enabled.

==========

In PS, Firewall appears to be enabled too.

C:\Windows\System32>netsh advfirewall Show allprofiles

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.

 ===========

In the Intune Firewall Policy the three options are enabled:

  • rahuljindal-MVP
    Bronze Contributor

    This can happen if you have a GPO policy for Defender FW also assigned as it will take precedence over Intune against the Defender CSP. 

    • AhmedSHMK
      Brass Contributor

       

      Well, while Gpresult HTML does not show anything related to Firewall, I could locate the following key:

      Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile called EnableFirewall and the value is 0x00000000

      I have since tried to use the command below to enable it to test but it is still showing disabled:

      reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" /v EnableFirewall /t REG_DWORD /d 1 /f
      Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" -Name "EnableFirewall" -Value 1
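
A read-only check for the mismatch discussed in this thread, as an added example that is not part of any post: it lists every EnableFirewall value found under the policy registry key quoted above and puts it next to the effective per-profile state. It assumes the built-in Get-NetFirewallProfile cmdlet; the function name Get-FirewallPolicyKeyState is hypothetical.

```powershell
# Added example, not from the thread. Reads state only; changes nothing.
# Policy registry root as quoted in the thread.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

# Hypothetical helper: returns one object per profile subkey that carries
# an EnableFirewall value, whatever the subkey is called.
function Get-FirewallPolicyKeyState {
    param([string]$Root = $policyRoot)

    if (-not (Test-Path -Path $Root)) { return }

    Get-ChildItem -Path $Root | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $value = $props.PSObject.Properties['EnableFirewall']
        if ($null -ne $value) {
            [pscustomobject]@{
                PolicyKey      = $_.PSChildName
                EnableFirewall = [int]$value.Value
            }
        }
    }
}

# Effective state: the merged result of all policy sources for each profile.
$effective = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object -Property Name, Enabled

$policyKeys = @(Get-FirewallPolicyKeyState)

'Effective profile state (ActiveStore):'
$effective | Format-Table -AutoSize

if ($policyKeys.Count -eq 0) {
    "No EnableFirewall value found under $policyRoot."
}
else {
    'EnableFirewall values under the policy key:'
    $policyKeys | Format-Table -AutoSize

    # A 0 here means something is writing a "firewall off" policy value.
    $policyKeys | Where-Object { $_.EnableFirewall -eq 0 } | ForEach-Object {
        "Policy key '$($_.PolicyKey)' has EnableFirewall = 0; " +
        'identify what writes it before relying on the Intune setting.'
    }
}
```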

       
