Disable or Enable Windows Firewall on the Compute Nodes

 

Applies To: Windows HPC Server 2008

After compute nodes have been deployed and added to your Windows HPC Server 2008 cluster, you can use the maintenance tasks in node templates to disable Windows Firewall on one or more compute nodes. This topic explains how to modify and use a node template to run the netsh advfirewall set command to disable or enable Windows Firewall on compute nodes.

Warning


To run maintenance tasks on compute nodes using node templates, you must first bring the compute nodes offline. For this reason, plan in advance to run maintenance tasks when the compute nodes are not being used for computational tasks. If you do not want to bring compute nodes offline, you can use the clusrun command-line tool to run the netsh advfirewall set command. For more information, see the clusrun command reference (https://go.microsoft.com/fwlink/?LinkID=154292).

To disable or enable Windows Firewall on the compute nodes by using a node template

  1. On the head node of your HPC cluster, open HPC Cluster Manager. Click Start, point to All Programs, click Microsoft HPC Pack, and then click HPC Cluster Manager.

  2. In Configuration, in the Navigation pane, click Node Templates.

  3. Double-click the node template that was used to deploy the compute nodes where you want to disable or enable Windows Firewall. The Node Template Editor dialog box opens.

  4. To add a maintenance task that disables or enables the Windows Firewall:

    1. Click Add Task, point to Maintenance, and then click Post Install Command. The new Post Install Command task will be listed in the Maintenance section of the list of node template tasks.

    2. Set the ContinueOnFailure property to True.

    3. If you want to disable the Windows Firewall, in the Command property, type the following command:

      netsh advfirewall set allprofiles state off
      

      If you want to enable the Windows Firewall, in the Command property, type the following command:

      netsh advfirewall set allprofiles state on
      

      For more information about the netsh advfirewall set command, see Netsh Commands for Windows Firewall with Advanced Security (https://go.microsoft.com/fwlink/?LinkID=154293).

  5. If there is a task that you do not want to run at this time that is listed in the Maintenance section of the list of node template tasks, click that task, and then click Delete Task. An example of a maintenance task that you may not want to run at this time is the Activate Operating System task that is added by default to all new node templates.

  6. To save the changes that you have made to the node template and close the Node Template Editor dialog box, click Save.

  7. In Node Management, in the Navigation Pane, click Nodes.

  8. In the List view, select the compute nodes where you want to disable or enable Windows Firewall.

    Warning


    Ensure that all the nodes that you select have been deployed using the node template that you modified. The Node Template column lists the node template for each node.

  9. Right-click your selection, and then click Take Offline. If the Take Offline dialog box opens, click Yes.

  10. After the nodes have been taken offline, right-click your selection again, and then click Maintain.

  11. To bring the nodes online after the maintenance process has completed, right-click your selection again, and then click Bring Online.
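Because step 4 sets ContinueOnFailure to True, the template is told to carry on even if the netsh command fails, so it is worth confirming the firewall state on a node after maintenance. The following PowerShell is an added example, not part of the original topic: it parses the output of netsh advfirewall show allprofiles state and compares each profile with the intended state. It assumes English-locale netsh output, the function names are hypothetical, and the sample text is constructed.

```powershell
# Added example. Function names are hypothetical; sample output is constructed.
# Assumes English-locale output of: netsh advfirewall show allprofiles state
function Get-FirewallProfileState {
    param([string[]]$NetshOutput)
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(Domain|Private|Public) Profile Settings:') {
            $current = $Matches[1]          # remember which profile block we are in
        }
        elseif ($current -and $line -match '^\s*State\s+(ON|OFF)\s*$') {
            New-Object PSObject -Property @{ Profile = $current; State = $Matches[1].ToUpper() }
            $current = $null                # one State line per profile block
        }
    }
}

function Test-FirewallState {
    param([string[]]$NetshOutput, [ValidateSet('ON', 'OFF')][string]$Expected)
    $found = @(Get-FirewallProfileState -NetshOutput $NetshOutput)
    # Anything other than three parsed profiles means the output could not be
    # read (command failed, other locale), so the node counts as unverified.
    if ($found.Count -ne 3) {
        Write-Warning "Parsed $($found.Count) of 3 profiles; node is unverified."
        return $false
    }
    $wrong = @($found | Where-Object { $_.State -ne $Expected })
    foreach ($p in $wrong) {
        Write-Warning "$($p.Profile) profile is $($p.State), expected $Expected."
    }
    return ($wrong.Count -eq 0)
}

# Constructed sample: the Public profile is still OFF after an "enable" run.
$sample = @(
    'Domain Profile Settings:',
    '----------------------------------------------------------------------',
    'State                                 ON',
    '',
    'Private Profile Settings:',
    '----------------------------------------------------------------------',
    'State                                 ON',
    '',
    'Public Profile Settings:',
    '----------------------------------------------------------------------',
    'State                                 OFF',
    'Ok.'
)
Test-FirewallState -NetshOutput $sample -Expected ON
# On a node: Test-FirewallState -NetshOutput (netsh advfirewall show allprofiles state) -Expected ON
```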

The following image shows the node template after the new Post Install Command task is added and configured:


Additional references

Advanced Deployment Operations in Windows HPC Server 2008