question

0 Votes
CarstenThomsen-0706 asked CarstenThomsen-0706 commented

Windows firewall server 2016 secpol or OS FW

Hi

What is the difference between opening an inbound TCP port in secpol firewall or in firewall opened in windows?

If I create an inbound rule in secpol it's also visible in OS firewall opened in windows
If I do it the other way it's not visible in secpol

Port opening in windows OS firewall is not working.

Port opening in secpol works fine.

windows-server-2016

0 Votes
CandyLuo-MSFT answered CarstenThomsen-0706 commented

Hi,

Did you mean Windows Defender Firewall with Advanced Security in Group policy? As picture below:

90184-image.png

In a domain environment, an administrator can centrally configure Windows Firewall rules using Group Policy. This way, the rules will be automatically applied to all targeted computers in the domain, thereby increasing security.

If you configure Windows Firewall Rule using Group Policy, it will create the firewall rule directly on the client computer's GUI.

When there is a conflict, the priority of the firewall in group policy is higher than windows firewall GUI.

Hope this can help you understand better.

Best Regards,
Candy



Hi thanks..

yes I mean that defender firewall.

My servers are not in a domain.

Problem is that the inbound rule is not working when making it in Windows firewall in OS, which I would believe is the same as in local policies.
I can see the rule in OS firewall but not in local policies defender firewall
And the rule is not working

If I create it in local policies defender firewall it shows up in firewall in OS and is actually working :-)

I have to create rules on several servers and I have a PS script for that, which creates the rule in OS firewall.
But since this is not working, I need to create the rule in local policy defender firewall.
But I can't find a simple way to do that with a script.

0 Votes 0 ·

OS windows firewall is the one you get when typing firewall in search field in server 2016 and local policy firewall is the one you attached.

Just so that you know what I write about :-)

0 Votes 0 ·
0 Votes
CandyLuo-MSFT answered CarstenThomsen-0706 commented

Hi,

Please check windows firewall's rule merging configuration, as picture below:

The default settings should be yes.

90158-image.png

Best Regards,
Candy



ahh.. will check

0 Votes 0 ·

Thanks :-)

Will check Monday when I'm back at work...

0 Votes 0 ·

I will wait for your updates. If the information provided was helpful, please try to mark the replies which help you. It will encourage the person who helps you.
Appreciate your understanding. :)

0 Votes 0 ·

My settings are like the one in the picture.

On top of my settings there is a yellow box.
It says that some settings are controlled by group policy

0 Votes 0 ·

Did you use public profile or private profile? Make sure rule merging in corresponding network profile is YES.

In addition, did you configure any third-party AV software? Please temporarily disable it to do a check.

0 Votes 0 ·
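
The checks discussed in this thread (rule merging per profile, which profile is active, and which store a rule lives in) can be run from an elevated PowerShell prompt. This is an added example, not code posted by anyone in the thread. The rule name, port and profile are hypothetical placeholders, and it assumes `-PolicyStore localhost` addresses the computer's local Group Policy store, which is what the secpol/gpedit firewall node edits.

```powershell
# Added example. Placeholders (hypothetical, not from the thread):
$RuleName = 'Example inbound TCP 8443'
$Port     = 8443
$Profile  = 'Private'   # match the category reported in step 2

# 1. Effective rule-merging setting per profile.
#    ActiveStore is the merged result of local settings and all policy.
#    AllowLocalFirewallRules = False means rules created in the normal
#    (PersistentStore) firewall console are shown but not applied.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, AllowLocalFirewallRules |
    Format-Table -AutoSize

# 2. Which firewall profile each connected network is using.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory |
    Format-Table -AutoSize

# 3. Where the rule is stored, and whether it reached the active policy.
#    PersistentStore = local rules, localhost = local Group Policy.
foreach ($store in 'PersistentStore', 'localhost', 'ActiveStore') {
    Get-NetFirewallRule -PolicyStore $store -DisplayName $RuleName `
            -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Store'; e = { $store } },
                      DisplayName, Enabled, Profile, Action,
                      PolicyStoreSourceType
}

# 4. Create the rule in the local Group Policy store if it is not there yet.
$existing = Get-NetFirewallRule -PolicyStore localhost `
                -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetFirewallRule -PolicyStore localhost `
        -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Allow -Profile $Profile | Out-Null
}

# 5. Confirm the rule is now part of the active policy.
Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $RuleName `
        -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Profile, PolicyStoreSourceType
```

If step 5 returns nothing right after step 4, run `gpupdate /target:computer /force` and repeat step 5.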