Windows 10: Is it recommended to create a local firewall rule to block all traffic coming through the...

Discussion in 'Windows 10 Gaming' started by MujahithMuzamil, Mar 2, 2025.

  1. Is it recommended to create a local firewall rule to block all traffic coming through the...


    Hi, I have an Intune device managed environment that uses Microsoft services like Microsoft Defender for Endpoints EDR and other 365 services. Most of our end user devices connect from HOME. I want to know if we have created a Local firewall rule through the Intune firewall to BLOCK all incoming traffic for PUBLIC Profile for any protocol, any port, and any source IP.

    1. Is it recommended to block all incoming traffic for the PUBLIC profile as above?
    2. What will be the impact?
    3. Since most devices use the PUBLIC profile as recommended in Windows 11, can Office 365 services communicate or manage

    MujahithMuzamil, Mar 2, 2025
    #1

  2. Win11Pro is blocking outbound traffic to a specific subnet even with Firewall rule enabling.

    Hello,

    Based on our understanding of the issue, we recommend that you follow these steps to troubleshoot:

    1. Ensure that the firewall rule on the Win11Pro machine explicitly allows ICMP (ping) traffic to the specific subnet. Sometimes, even if general traffic is allowed, ICMP might be blocked separately.

    2. Check the routing table on the Win11Pro machine (`route print` in Command Prompt). Make sure there's a route to the problematic subnet through the IPSec tunnel interface and it has a lower metric than any other conflicting routes.

    3. IPSec Policies: Check IPSec policies for possible filters that might be blocking the traffic to the specific subnet.

    4. Some antivirus software or third-party security solutions may also have their own firewall rules that could be blocking the traffic. Temporarily disable them to test if they're causing the issue.

    Regards,

    Zunhui
     
    Zunhui Han, Mar 2, 2025
    #2
  3. MadagaC Win User
    Windows 2012 Server - Creating an exception for a block rule in the firewall

    Hi, y'all!

    I have to deploy a rule to block all outbound traffic towards port TCP 80 regardless of the destination IP, so I set up an outbound "block" rule in the Windows Firewall specifically against that port. It was straightforward and works like a charm. However, I can't seem to find a way to add one single IP as an exception to this rule.

    I tried creating a new rule allowing all traffic to the IP I'm attempting to whitelist but, from what I can gather, the blocking rules in the Windows firewall take precedence over "allow" rules so that explains why it didn't work.

    How can I work around this? All I need is to block outgoing traffic to TCP 80 on all but one IP.

    Thanks!
     
    MadagaC, Mar 2, 2025
    #3
  4. mike1127 Win User
    firewall rule to block addresses NOT on an IP list?

    I am just starting to learn the Windows Firewall (working on both Windows 7 and 10) and I'm not impressed with the inflexibility of its rules. I would like to know if

    1. Is there a way to do what I want with Windows Firewall?
    2. Is there a third-party firewall that would do it?

    What I want to do is create a rule that blocks outgoing connections, for program X, that are to a destination **NOT** in an IP list.

    Windows Firewall is not very flexible in how you specify IP list rules. When you give an IP list, your rule will match that list... you can't say "trigger the rule for non-matching IP addresses." Therefore to allow outgoing connections to a list, you have to

    1. Change the entire firewall policy to block outgoing connections by default so that you can create an "allow rule" matching your list. This will mess up the rest of your programs.

    2. Somehow combine a block rule and allow rule. Create a block rule for most traffic, with the "allow" rule overriding it when appropriate. However, this doesn't appear to be possible in general. It **may** be possible for connections that use IPSec, I'm not sure. And I'm not sure if I can use IPSec in my application.

    And is there a third-party firewall that can do it? Most 3rd-party firewalls are LESS sophisticated than Windows Firewall, because the use case they are addressing is providing an interface that doesn't require much comprehension. I need one that's actually MORE sophisticated than Windows Firewall.
     
    mike1127, Mar 2, 2025
    #4
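
Posts #3 and #4 both want "block everything except these destinations" while block rules win over allow rules. One way to get that with a single rule is to scope the block rule to the complement of the allow-list, sketched below as an added example that is not from any poster in this thread. The helper names, the rule name and the sample address `203.0.113.10` are assumptions; `-WhatIf` keeps the rule from being created until it is removed.

```powershell
# Added example: express "every IPv4 address NOT on the allow-list" as ranges
# and use them as the remote scope of ONE outbound block rule, so no allow
# rule has to override a block rule.
function ConvertTo-Long ([string]$Ip) {
    $o = $Ip.Split('.')
    ([long]$o[0] -shl 24) + ([long]$o[1] -shl 16) + ([long]$o[2] -shl 8) + [long]$o[3]
}

function ConvertTo-Ip ([long]$N) {
    (3..0 | ForEach-Object { ($N -shr (8 * $_)) -band 255 }) -join '.'
}

function Get-ComplementRange ([string[]]$Allowed) {
    $next = [long]0              # first address not yet covered
    $max  = [long]4294967295     # 255.255.255.255
    $ranges = @()
    $sorted = $Allowed | ForEach-Object { ConvertTo-Long $_ } | Sort-Object -Unique
    foreach ($n in $sorted) {
        if ($n -gt $next) {
            $lo = ConvertTo-Ip $next
            $hi = ConvertTo-Ip ($n - 1)
            # A gap of one address is emitted as a single IP, not "a-a".
            if ($lo -eq $hi) { $ranges += $lo } else { $ranges += "$lo-$hi" }
        }
        $next = $n + 1
    }
    if ($next -le $max) {
        $ranges += '{0}-{1}' -f (ConvertTo-Ip $next), (ConvertTo-Ip $max)
    }
    $ranges
}

# Constructed sample allow-list (documentation address, not from the thread).
$allowed = @('203.0.113.10')
$scope   = Get-ComplementRange $allowed
# $scope is now: 0.0.0.0-203.0.113.9, 203.0.113.11-255.255.255.255

# Replaces the unscoped "block TCP 80" rule from post #3. For post #4, add
# -Program with the full path of program X and drop -Protocol/-RemotePort.
New-NetFirewallRule -DisplayName 'Block outbound TCP 80 except allow-list' `
    -Direction Outbound -Action Block -Protocol TCP -RemotePort 80 `
    -RemoteAddress $scope -WhatIf
```

The ranges cover IPv4 only, so IPv6 destinations are not matched by this rule and need their own handling. The existing unscoped block rule has to be disabled or removed, otherwise it still blocks the exempted address.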