SOLVED

Configure Windows 10 Firewall Rule for MS Teams In- & Outgoing

%3CLINGO-SUB%20id%3D%22lingo-sub-2596811%22%20slang%3D%22en-US%22%3EConfigure%20Windows%2010%20Firewall%20Rule%20for%20MS%20Teams%20In-%20%26amp%3B%20Outgoing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2596811%22%20slang%3D%22en-US%22%3EHi%20guys%3CBR%20%2F%3Ei%20need%20to%20configure%20in%20Endpoint%20security%20panel%20the%20Windows%2010%20Firewall.%20We%20would%20like%20to%20block%20all%20in-%20and%20outbound%20traffic.%20Also%20we%20will%20configure%20a%20rule%20for%20each%20app%20which%20will%20be%20allowed%20to%20communicate.%20For%20MS%20Teams%20i%20have%20issues%20to%20configure%20as%20it%20is%20installed%20in%20the%20userprofile.%3CBR%20%2F%3E%3CBR%20%2F%3EDoes%20anybody%20know%20how%20to%20configure%20that%20without%20using%20a%20Script%20outside%20the%20Endpoint%20security%20section%3F%3CBR%20%2F%3E%3CBR%20%2F%3EMany%20thanks%20for%20your%20feedback%3CBR%20%2F%3EMarc%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2596811%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2596919%22%20slang%3D%22en-US%22%3ERe%3A%20Configure%20Windows%2010%20Firewall%20Rule%20for%20MS%20Teams%20In-%20%26amp%3B%20Outgoing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2596919%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F416227%22%20target%3D%22_blank%22%3E%40marckuhn%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20far%20I%20am%20aware%2C%20you%20can't%20user%20uservariables%20such%20as%20%25localappdata%25%20or%20%25username%25...%20If%20you%20don't%20want%20to%20go%20down%20the%20scripting%20option..%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMaybe%20opening%20the%20port%20necessary%20%3F%3C%2FP%3E%3CP%3E%3CSPAN%3ETCP%2C%20Allow%20Ports%2050000-50059%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EUDP%2C%20Allow%20Ports%203479-3481%2C%2050000-50059%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EMaybe%20that%20would%20help%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2606503%22%20slang%3D%22en-US%22%3ERe%3A%20Configure%20Windows%2010%20Firewall%20Rule%20for%20MS%20Teams%20In-%20%26amp%3B%20Outgoing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2606503%22%20slang%3D%22en-US%22%3EHi%20Rudy%3CBR%20%2F%3E%3CBR%20%2F%3Ethanks%20for%20your%20response.%20I'm%20not%20sure%20if%20that%20is%20what%20we%20want.%20I'm%20wondering%20if%20configure%20to%20block%20outbound%20traffic%20in%20Windows%20Firewall%20is%20not%20a%20configuration%20which%20is%20used%20a%20lot.%3CBR%20%2F%3E%3CBR%20%2F%3EDo%20you%20configure%20it%20or%20not%3F%3CBR%20%2F%3E%3CBR%20%2F%3EBest%20regards%3CBR%20%2F%3EMarc%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2608443%22%20slang%3D%22en-US%22%3ERe%3A%20Configure%20Windows%2010%20Firewall%20Rule%20for%20MS%20Teams%20In-%20%26amp%3B%20Outgoing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2608443%22%20slang%3D%22en-US%22%3EWe%20are%20using%20it%20to%20block%20some%20well%20known%20reverse%20shell%20ports%20and%20as%20example%20we%20also%20block%20port%2021%20(ftp)%20outgoing.%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20a%20blog%20I%20have%20written%20you%20can%20see%20for%20yourself%20the%20results%20when%20blocking%20the%20port%2021%3CBR%20%2F%3ESo%20I%20guess%20its%20worth%20a%20try%20to%20test%20out%20on%20a%20test%20device%3F%20to%20see%20for%20yourself%20if%20it%20what%20you%20want%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fcall4cloud.nl%2F2020%2F07%2Fthe-windows-firewall-rises%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcall4cloud.nl%2F2020%2F07%2Fthe-windows-firewall-rises%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E
Contributor
Hi guys
i need to configure in Endpoint security panel the Windows 10 Firewall. We would like to block all in- and outbound traffic. Also we will configure a rule for each app which will be allowed to communicate. For MS Teams i have issues to configure as it is installed in the userprofile.

Does anybody know how to configure that without using a Script outside the Endpoint security section?

Many thanks for your feedback
Marc
4 Replies

@marckuhn 

 

So far I am aware, you can't user uservariables such as %localappdata% or %username%... If you don't want to go down the scripting option..

 

Maybe opening the port necessary ?

TCP, Allow Ports 50000-50059
UDP, Allow Ports 3479-3481, 50000-50059

 

Maybe that would help 

Hi Rudy

thanks for your response. I'm not sure if that is what we want. I'm wondering if configure to block outbound traffic in Windows Firewall is not a configuration which is used a lot.

Do you configure it or not?

Best regards
Marc
best response confirmed by marckuhn (Contributor)
Solution
We are using it to block some well known reverse shell ports and as example we also block port 21 (ftp) outgoing.

In a blog I have written you can see for yourself the results when blocking the port 21
So I guess its worth a try to test out on a test device? to see for yourself if it what you want?

https://call4cloud.nl/2020/07/the-windows-firewall-rises/
Hi Rudy

thanks a lot for your article, sounds great. I will check that and see if that is everything we need.

Best regards
Marc