create a GPO to allow an inbount rule
Hi,
I need to create a GPO to add an inbound rule of a Windows 7 firewall to allow a specific TCP port.
Our DC is running Windows 2008.
Please advise how to do that.
Thanks.
I need to create a GPO to add an inbound rule of a Windows 7 firewall to allow a specific TCP port.
Our DC is running Windows 2008.
Please advise how to do that.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As far as I know, you can use GPOs only to add rules, not to modify existing ones.
You would need to resort to startup scripts that make use of the command netsh.exe /firewall to make granular changes to existing ones.
You would need to resort to startup scripts that make use of the command netsh.exe /firewall to make granular changes to existing ones.
ASKER
I forgot to say, besides the double entries, I also do not see the rule I added before I exported.
Adding to what MCKnife is indicating my steps are an expectation that you have a computer that will drive firewall policy where configs are made and then imported for that GPO.
If you have a server by server need then you will have to use netsh. e.g
If you have a server by server need then you will have to use netsh. e.g
netsh advfirewall firewall add rule name=FWRule_Name dir=in protocol=tcp localport=xxx-xxxx action=allowASKER
These were what I did:
. create a new rule in Inbound Rules
. After finish, click "Windows Firewall with Advanced Security on Local Computer"
. Action
. export policy
. copy saved policy to a domain controller
. open up gpmc
. create a new GPO
. edit gpo and edit computer configuration>policies>win
. import the policy.
Please let me know I miss anything.
Thanks.
. create a new rule in Inbound Rules
. After finish, click "Windows Firewall with Advanced Security on Local Computer"
. Action
. export policy
. copy saved policy to a domain controller
. open up gpmc
. create a new GPO
. edit gpo and edit computer configuration>policies>win
. import the policy.
Please let me know I miss anything.
Thanks.
Again let's look at what leads to those doubles you see: the policies you set via GPO will not overwrite the present ones. They will co-exist. That's why we recommend netsh-scripting.
ASKER
Ok, fine.
Any idea of why the new rule was not added?
Any idea of why the new rule was not added?
Are you sure that is wasn't? Because what your picture shows are not the same rules - they differ in the rightmost column.
There should be no reason why the defined rule did not show up.
You can go ahead and add it using netsh and check again.
Can you give any details on the rule you are trying to add
You can go ahead and add it using netsh and check again.
Can you give any details on the rule you are trying to add
ASKER
I see the added rule now.
I am going to export one more time without customize existing rules and see if there is any duplicates.
Thanks.
I am going to export one more time without customize existing rules and see if there is any duplicates.
Thanks.
Great, in the future you can use the format from the netsh command I have above 40465686 as an additional option if you do not have a computer from which you can create and fine tune firewall policies for your environment,
Netsh is quite robust and you can configure every aspect of a new firewall rule using this.
Netsh is quite robust and you can configure every aspect of a new firewall rule using this.
ASKER
thanks a lot, guys.
ASKER
I am see double entries on the MODIFIED incoming policies. Please see attached.
fw.png