Abhishek_Pandey
Copper Contributor
Sep 03, 2020

Endpoint security | Firewall Configuration through Microsoft Endpoint Configuration Manager

Dear Team,

I want to migrate the firewall policies from McAfee to Windows Defender Firewall. Please suggest and share a migration tool and policy best practices. Please share the configuration document on how to enable the "Endpoint security | Firewall" policies through Microsoft Endpoint Manager.

Regards,

Abhishek Pandey

    Thiago_Mota
    Brass Contributor

    Abhishek_Pandey

    Hello, it is not possible to migrate firewall rules from a third-party AV solution.

    To create and apply firewall rules on client machines you need a GPO or Intune.

    Just a recommendation: Windows Firewall works differently from others. The Windows firewall "learns" automatically and creates its own rules so that all software works fine.

    So it is not necessary to have a policy with many rules and apply it to all machines.

      Abhishek_Pandey
      Copper Contributor

      Thiago_Mota Thank you so much for the response.

      As of now I have created and applied Windows Firewall through Intune with "Block inbound connections". Can we create any custom rules to allow applications and remote connections, or does it learn and automatically create the rules?

        Thiago_Mota
        Brass Contributor

        Abhishek_Pandey You can do both. They work together, as "merged". When you apply a custom rule through Intune, it is added to the rules already applied to the machine that it "learned" before.

        Also, you can disable "local rules". Then all the rules that the machine has "learned" before will be dismissed, and only the custom rules applied remotely by Intune will apply.

        I don't know if I was clear.

      rbenson09
      Copper Contributor

      Thiago_Mota Thank you for your response. So it already knows what kind of traffic to block? How does it learn what connections need to be allowed? Would I only create a firewall rules policy to allow traffic that it blocks?

        Thiago_Mota
        Brass Contributor

        rbenson09

        So it already knows what kind of traffic to block?

        It is the opposite. It already knows what kind of traffic will be allowed. All other traffic will be blocked.

        How does it learn what connections need to be allowed?

        It learns when you install new software that uses network connections. It automatically creates an allow rule so that the software can work fine.

        Would I only create a firewall rules policy to allow traffic that it blocks?

        Yes. But I suggest enabling it first. You do not need to create a firewall rule for each connection or each piece of software, as the majority of them have already been created automatically. You can check by just opening Advanced Security in Windows Defender Firewall, and you will see the current rules applied.
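The replies above describe three things worth verifying on a client before relying on the Intune policy: the default inbound action per profile, whether locally "learned" rules are still merged with policy-delivered rules, and which inbound allow rules exist only in the local store. The following PowerShell audit is an added example and not code from the thread or from Microsoft; it uses the built-in NetSecurity cmdlets (Get-NetFirewallProfile, Get-NetFirewallRule) and assumes an elevated session on Windows 10/11. The mapping of PolicyStoreSourceType values other than "Local" to GPO/MDM-delivered or Windows-generated rules is an assumption stated in the comments.

```powershell
# Added example: audit Windows Defender Firewall state that the thread discusses.
# Assumes an elevated PowerShell session on Windows 10/11 (NetSecurity module).

# 1. Per-profile settings. DefaultInboundAction shows whether "Block inbound
#    connections" took effect; AllowLocalFirewallRules is the "local rules" switch
#    (False means only policy-delivered rules apply, as described above).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
                  AllowLocalFirewallRules, AllowLocalIPsecRules |
    Format-Table -AutoSize

# 2. Enabled rules currently in effect, grouped by origin. Assumption for this
#    example: 'Local' = rules in the machine's own store (for example the allow
#    rules created automatically at application install time); other values are
#    rules supplied by GPO/MDM policy or generated by Windows itself.
$rules = Get-NetFirewallRule -Enabled True -PolicyStore ActiveStore
$rules |
    Group-Object PolicyStoreSourceType |
    Select-Object Name, Count |
    Format-Table -AutoSize

# 3. Inbound allow rules that exist only in the local store. These are the rules
#    that stop applying once local rule merging is disabled by policy, so review
#    this list before flipping that switch in the Intune firewall profile.
$localInboundAllow = $rules |
    Where-Object { $_.Direction -eq 'Inbound' -and
                   $_.Action -eq 'Allow' -and
                   $_.PolicyStoreSourceType -eq 'Local' }
$localInboundAllow |
    Select-Object DisplayName, Profile, Group |
    Sort-Object DisplayName |
    Format-Table -AutoSize

"Local inbound allow rules that depend on local rule merging: $($localInboundAllow.Count)"

# Remediation is done through the Intune/GPO firewall profile; the equivalent
# local command is shown for lab use only, because a policy setting overrides it:
# Set-NetFirewallProfile -All -AllowLocalFirewallRules False
```

Run the audit before and after assigning the Intune policy; the step 3 list is the set of application rules that would need to be re-created as custom rules in the policy if local rules are dismissed.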
