May 18 2020 12:40 AM
I'm trying to configure some Firewall rules in a Microsoft Defender Firewall configuration profile in Intune.
The basic rules (i.e. enabling Microsoft Defender Firewall and default actions like blocking inbound connections on the public network) work.
But when I define some custom Firewall rules, they are not applied to the firewall on a Win10 client.
I.e. I'm testing a firewall rule called "Allow Ping (Inbound - Public)", configured like this:
Name: Allow Ping (Inbound - Public)
Direction: Inbound
Network type: Public
Applications: All
Local addresses: Any address
Remote addresses: Any address
Protocol: Custom
Protocol: 1
Interface type: Local area network
Allow Inbound on Domain and Private works
Block Inbound on Public works
but my Firewall rule never shows up in firewall rules on the Win10 client.
Anyone who can help or have a hint on what I'm doing wrong?
May 19 2020 12:25 AM
I can only confirm I see the same behavior. The policy is applied, I'm able to ping the device. The rule doesn't show up under the inbound rules.
May 19 2020 12:35 AM
Well, I have found out - through a lot of testing - that the firewall rules that apply to that profile (Domain, Private, Public) are shown in
Windows Defender Firewall... -> Monitoring -> Firewall
That's now the good part...
But sometimes when the rules are applied to a Win client it reports Error in Intune, but all things seem right at the client.
May 19 2020 12:53 AM
@BillB_Venzo I spent/wasted pretty much my full day today working this out. Finally, I got it working for us.
Our devices are Azure AD joined only, and when I was configuring the firewall rules, I was selecting all the network types (such as DOMAIN, PRIVATE, PUBLIC). Seemed like it didn't like the DOMAIN selection as the device is not joined to any DOMAIN (in a classic sense). When I removed the DOMAIN from the network types, it was successfully applied.
Once successful, your rules should appear in:
Control Panel\System and Security\Windows Defender Firewall\Allowed applications
I still have two issues:
1. Why are these firewall rules not appearing in Advanced Settings --> Inbound rules (if it is an inbound rule)?
2. In Allowed applications, I saw the rules appearing but the PUBLIC and PRIVATE networks weren't selected.
But when I actually tested the firewall rules (my firewall rule is to allow JAVA.exe), it works.
Dec 16 2020 08:50 AM
Hey @ShehzadUIT,
MMC does not display every firewall rule; there are multiple stores like Local, GroupPolicy etc. Use PowerShell to retrieve the firewall rules for the "Active Store" and you will find your configured rules:
Get-NetFirewallRule -PolicyStore ActiveStore
Reference:
Get-NetFirewallRule (NetSecurity) | Microsoft Docs
best,
Oliver
Jul 22 2021 03:51 AM
Thanks @Oliver Kieselbach you have helped me out (again) - would also add to help others that when filtering the results of the PowerShell query use $_.DisplayName not $_.Name as MDM gives the rule a generic string of characters as the name which isn't easy to spot.
so Get-NetFirewallRule -PolicyStore ActiveStore | Where-Object { $_.DisplayName -eq "YourRuleName" }
will prove that the rule was created successfully.
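An added example (not posted by anyone in this thread) that puts the two pieces of advice above together: it looks up an MDM-delivered rule in the Active Store by DisplayName, since the MDM-generated Name is opaque, and reports where the rule came from and what it matches. The rule name is assumed from the first post; the cmdlets used are standard NetSecurity module cmdlets.

```powershell
# Added example: find an Intune/MDM-delivered firewall rule in the Active Store.
# $RuleDisplayName defaults to the rule name from the first post (an assumption).
param(
    [string]$RuleDisplayName = "Allow Ping (Inbound - Public)"
)

# MDM assigns an opaque string as Name, so filter on DisplayName, not Name.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object { $_.DisplayName -eq $RuleDisplayName }

if (-not $rules) {
    Write-Warning "No rule named '$RuleDisplayName' is present in the Active Store."
    return
}

foreach ($rule in $rules) {
    # PolicyStoreSource / PolicyStoreSourceType show whether the rule came from MDM,
    # Group Policy or a local setting; Profile shows the Domain/Private/Public scoping.
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        DisplayName   = $rule.DisplayName
        Name          = $rule.Name          # opaque MDM-generated identifier
        Enabled       = $rule.Enabled
        Direction     = $rule.Direction
        Action        = $rule.Action
        Profile       = $rule.Profile
        Source        = $rule.PolicyStoreSource
        SourceType    = $rule.PolicyStoreSourceType
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
}
```

Run it in an elevated PowerShell session on the enrolled client; an empty result means the rule never reached the Active Store, which points at the profile (e.g. the Domain network type on an Azure AD joined device) rather than at the MMC view.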