I've worked with the Windows Firewall since it was introduced in Windows XP
SP2 and Windows 2008 since it went to beta.
But, now I'm confused (the system is working fine; it's just that netsh
appears to give inconsistent results. See the question at the end of this
post).
The server is running Windows Server 2008 64 bit with Hyper-V. In the
"parent" VM, I have AD Domain Services and WSUS installed with the firewall
configured via GPO (this is a small domain I have at home for testing etc.).
If I run the Start, Administrative Tools, Windows Firewall with Advanced
Security it tells me:
For your security, some settings are controlled by Group Policy
Domain Profile is Active
Windows Firewall is on.
Inbound connections that do not match a rule are blocked
Outbound connections that do not match a rule are allowed
If I run Control Panel, Windows Firewall, it tells me:
For your security, some settings are controlled by Group Policy
Windows Firewall is on.
Inbound connections that do not have an exception are blocked.
Display a notification when a program is blocked: Yes
Network Location: Domain network
If I click Change Settings, the Windows Firewall Settings dialog tells me:
For your security, some settings are controlled by Group Policy
the On radio button is selected, but grayed out
the Exceptions tab shows several exceptions, some set by Group Policy
and some set locally
[I've allowed local exceptions in the Group Policy]
If I run this command (I get the same result in a "normal" and "elevated"
command prompt window)
netsh firewall show state
I get this:
Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Enable
Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
500    UDP       Any      (null)
4500   UDP       Any      (null)
88     UDP       Any      (null)
88     TCP       Any      (null)
80     TCP       Any      (null)
53212  TCP       Any      (null)
53211  TCP       Any      (null)
53     UDP       Any      (null)
53     TCP       Any      (null)
389    UDP       Any      (null)
389    TCP       Any      (null)
3268   TCP       Any      (null)
123    UDP       Any      (null)
All of the above conforms to my understanding of what I have configured.
If I run this command (I get the same result in a "normal" and "elevated"
command prompt window)
netsh advfirewall show currentprofile
I get this:
Domain Profile Settings:
----------------------------------------------------------------------
State OFF
Firewall Policy BlockInbound,AllowOutbound
LocalFirewallRules N/A (GPO-store only)
LocalConSecRules N/A (GPO-store only)
InboundUserNotification Enable
RemoteManagement Disable
UnicastResponseToMulticast Enable
Logging:
LogAllowedConnections Enable
LogDroppedConnections Enable
FileName C:\Windows\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize 4096
Ok.
So what does "State OFF" mean when all other indications are that the
firewall is ON?
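One way to see whether a "State OFF" reading comes from the local firewall store rather than the Group Policy store is to read the EnableFirewall flag for each profile from both registry locations and compare them. This is an added example, not something from the post above; it uses the standard policy and local registry paths for the Windows Firewall and assumes the profile key names DomainProfile, StandardProfile and PublicProfile.

```powershell
# Added example (not from the original post): read the per-profile EnableFirewall
# flag from the Group Policy store and from the local store, and report which one
# is in effect. A profile that shows 1 under GPO but 0 (or nothing) locally is a
# firewall that is ON by policy even if a tool reading only the local store says OFF.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$LocalRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$Profiles   = 'DomainProfile', 'StandardProfile', 'PublicProfile'

function Get-EnableFirewallValue {
    param([string]$Path)
    # Returns 1 or 0 when the EnableFirewall value exists, $null when the key or value is absent
    $item = Get-ItemProperty -Path $Path -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return [int]$item.EnableFirewall
}

function Get-FirewallProfileState {
    foreach ($p in $Profiles) {
        $policy = Get-EnableFirewallValue (Join-Path $PolicyRoot $p)
        $local  = Get-EnableFirewallValue (Join-Path $LocalRoot $p)
        # Group Policy wins whenever it sets the value; otherwise the local store applies
        if ($policy -ne $null) { $effective = $policy; $source = 'GPO' }
        else                   { $effective = $local;  $source = 'Local' }
        New-Object PSObject -Property @{
            Profile     = $p
            PolicyStore = $policy
            LocalStore  = $local
            Source      = $source
            Effective   = $(if ($effective -eq 1) { 'ON' } elseif ($effective -eq 0) { 'OFF' } else { 'unset' })
        }
    }
}

# The Windows Firewall service itself (MpsSvc on Vista/2008 and later) should be Running
# regardless of which store holds the configuration.
Write-Host ("Firewall service (MpsSvc): " + (Get-Service MpsSvc).Status)
Get-FirewallProfileState | Format-Table Profile, PolicyStore, LocalStore, Effective, Source -AutoSize
```

Run it from an elevated prompt on the server and compare the Effective column for DomainProfile with what netsh firewall and netsh advfirewall report; a GPO value of 1 beside a local value of 0 or "unset" explains an ON/OFF disagreement between tools that read different stores.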