Location of WFAS policy settings

Every Windows computer has WFAS enabled by default and ships with a standard set of inbound and outbound firewall rules that are in effect. Essentially, it "allows all outbound" and "blocks all inbound" by default, though that is a loose way of putting it and isn't completely accurate, as a myriad of rules actually work together to make it feel this way. When you enable certain services and options inside Windows, the operating system often creates new WFAS rules in the background that enable those functions to work properly.

Since every computer has some firewall rules out of the box, that must mean that WFAS has a ruleset that is stored outside of Group Policy, right? Exactly right. WFAS has a local configuration store that can be seen and edited from inside the Windows Firewall with Advanced Security console individually on every Windows computer you have. To launch that console, you can search for it inside the Start menu, open the Control Panel Windows Firewall settings and click Advanced settings, or my favorite way of doing it—simply type WF.MSC into Start | Run, Command Prompt, PowerShell, or just about anywhere else:

So, you could manipulate the WFAS settings individually on every computer, but who's got time for that? Instead, we can tap into these settings with a GPO. The reason I wanted to point out the local WFAS configuration is that, by default, it will continue to coexist with your Group Policy firewall rules. The computers do not throw away their local WFAS policy in order to accept the Group Policy settings; the local policy remains intact and the GPO settings are added on. We do have the ability to change this behavior, as you will learn shortly, but for now it is important to understand that when you create GPOs with firewall settings, some of those settings (such as on/off settings) will overwrite the local WFAS configuration, but many of the GPO settings (such as inbound/outbound rules) are really just adding new information to WFAS, and the local rules will all continue to exist.

Clicking on Inbound Rules, we can see all of those predefined firewall rules that are already inside my local WFAS configuration:

Here is the location inside GPME that you will need to visit in order to modify and create WFAS rules:

Computer Configuration | Policies | Windows Settings | Security Settings | Windows Firewall with Advanced Security | Windows Firewall with Advanced Security

In the previous screenshot, I made sure to have the Inbound Rules section open so that you could see all of the firewall rules that are plugged into my operating system right out of the box. Now looking at the WFAS settings inside GPME, we notice that Inbound Rules is completely empty. This again follows the idea of GPO settings being add-ons to the firewall config. Your existing local WFAS rules and regulations will continue to exist on the workstations, and settings implemented by our GPO will be added in alongside:
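The coexistence of local and GPO rules described above can be checked on any client from PowerShell. The following is an added example, not taken from the book; it uses the built-in NetSecurity cmdlets and assumes an elevated session on the computer being audited.

```powershell
# Added example: show where each effective inbound rule came from.
# Run in an elevated PowerShell session on the client being checked.

# ActiveStore is the merged policy the firewall is enforcing right now:
# the local WFAS rules plus the rules delivered by every applicable GPO.
$active = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound

# PolicyStoreSourceType records which store contributed each rule
# (for example Local or GroupPolicy). Count the rules per source.
$active |
    Group-Object -Property PolicyStoreSourceType |
    Sort-Object -Property Count -Descending |
    Format-Table -Property Name, Count -AutoSize

# Rules that arrived through Group Policy, with the store that carried them.
$active |
    Where-Object { $_.PolicyStoreSourceType -eq 'GroupPolicy' } |
    Sort-Object -Property PolicyStoreSource, DisplayName |
    Format-Table -Property DisplayName, Enabled, Action, PolicyStoreSource -AutoSize

# Local rules that are still enabled and still allow inbound traffic
# alongside the GPO rules. These are the openings a GPO rule set does
# not remove, so they are the ones worth reviewing.
$localAllow = $active | Where-Object {
    $_.PolicyStoreSourceType -eq 'Local' -and
    $_.Enabled -eq 'True' -and
    $_.Action -eq 'Allow'
}
"Enabled local inbound allow rules still in effect: $(@($localAllow).Count)"
$localAllow |
    Sort-Object -Property DisplayGroup, DisplayName |
    Format-Table -Property DisplayName, DisplayGroup, Profile -AutoSize

# Effective per-profile setting that decides whether local rules are
# merged with policy rules at all (read-only check, nothing is changed).
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Format-Table -Property Name, Enabled, AllowLocalFirewallRules -AutoSize
```

On a computer that receives no firewall GPO, the second table is empty and every rule reports a non-GroupPolicy source.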
