Windows 10: Win11Pro is blocking outbound traffic to a specific subnet even with Firewall rule enabling.

Discussion in 'Windows 10 Gaming' started by ScootysDad, Feb 20, 2024.

  1. Win11Pro is blocking outbound traffic to a specific subnet even with Firewall rule enabling.


    I have 1 Win11Pro/Domain joined machine that is now blocking outbound traffic to a specific subnet on the other side of the IPSec VPN tunnel. I have the firewall rule enabled to send all traffic to that subnet. Machines from the other side of the tunnel can ping the target machine but the reverse is not working. Interestingly, it can ping machines on the third subnet without issue. Logging showed that the WFP was dropping the packets. Does anyone have a hint?

    :)
     
    ScootysDad, Feb 20, 2024
    #1
  2. tman24 Win User

    Inbound firewall rule for trusted subnets not working as expected

    I'm trying to create a basic domain firewall policy (primarily for Win7) that does two things;

    Allow two trusted subnets inbound connection to the host on ALL ports (so essentially open)

    Block everything else

    All outbound traffic will be unfiltered - only the inbound traffic is being controlled.

    I created a domain firewall policy

    I added an 'allow trusted subnets' inbound rule, which is as follows;

    Action: Allow the connection

    Allow all programs

    Protocol Type: Any

    Scope

    Local IP addresses: Any

    Remote IP addresses: My two subnets in CIDR notation

    Advanced

    Profile: Domain

    Block Edge traversal

    I then set the Domain profile firewall state to ON, and set Inbound to Block (default) and Outbound to Allow (default). Running RSoP shows the policy is being applied, but here's the problem. Windows still allows inbound connectivity from all untrusted subnets!
    My understanding is that setting the Domain policy state to ON means that all traffic inbound will be blocked unless specifically allowed, and I specifically allowed connectivity from only two trusted subnets!

    I tried creating a 'Deny All' rule after the allow one (even though that should be implied), and that worked great - it blocked everything inbound, even my trusted subnets!!!

    Anyone have any idea what's going on here? I'm very familiar with firewalls in general, but this just isn't working as it should do. No other firewall policies are being applied according to RSoP and my testing.

    Thanks
     
    tman24, Feb 20, 2024
    #2
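
For the inbound case in the post above, the effective policy on the host can be audited directly. Windows Firewall evaluates explicit block rules ahead of allow rules regardless of the order in which they were created, and any other enabled allow rule scoped to any remote address still admits untrusted subnets. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the affected host and uses only the built-in NetSecurity cmdlets.

```powershell
# Added example: audit the effective (local + Group Policy merged) inbound policy.

# 1. Effective Domain profile settings after all policy sources are merged.
Get-NetFirewallProfile -PolicyStore ActiveStore -Name Domain |
    Format-List Name, Enabled, DefaultInboundAction, DefaultOutboundAction, AllowLocalFirewallRules

# 2. Profile each connected network is classified under. The Domain profile
#    only applies to interfaces reported as DomainAuthenticated.
Get-NetConnectionProfile | Format-Table InterfaceAlias, NetworkCategory -AutoSize

# 3. Every enabled inbound rule that applies to the Domain profile, with the
#    policy source it came from and its remote address scope.
$inbound = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
    Where-Object { "$($_.Profile)" -match 'Any|Domain' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name   = $_.DisplayName
            Action = "$($_.Action)"
            Source = "$($_.PolicyStoreSourceType)"   # Local, GroupPolicy, ...
            Remote = ($addr.RemoteAddress -join ',')
        }
    }

# 4. Allow rules open to any remote address: these admit hosts outside the
#    trusted subnets even though the profile default is Block.
$inbound | Where-Object { $_.Action -eq 'Allow' -and $_.Remote -eq 'Any' } |
    Sort-Object Source, Name | Format-Table -AutoSize

# 5. Block rules in effect: a match here overrides every allow rule,
#    including one scoped to the trusted subnets.
$inbound | Where-Object { $_.Action -eq 'Block' } |
    Sort-Object Source, Name | Format-Table -AutoSize
```

The Source column separates rules delivered by Group Policy from predefined or locally created rules, which RSoP output for a single GPO does not show.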
  3. Windows Firewall Outbound rules

    Hi Matthew,

    Welcome to Microsoft Community.

    I'm Hahn and I'm here to help you with your concern.

    Outbound rules are used to control the network traffic that originates from your device and goes to another device on the network or the internet. By default, Windows Firewall allows all outbound network traffic, unless it matches a rule that prohibits the traffic.



    If you want to block or allow a specific program or port to communicate outbound, you need to create a custom outbound rule. You can do this by following these steps: Configure firewall rules with group policy - Windows Security | Microsoft Learn



    Unfortunately, Windows Firewall Outbound rules issue is not supported on the Microsoft Answers forum. It is more suitable for publishing on Microsoft Learn (English only), you can click on "Ask a question", there are experts who can provide more professional solutions in that place.



    Here is a link: Windows 10 Security - Microsoft Q&A to the forum where you can raise specific scenarios and share your idea to help solve the problem.



    I won't be able to help you, but I'll leave that question open in case one of our amazing volunteers has ideas for you.



    Yours sincerely

    | Microsoft Community Support Specialist
     
    Hahn - MSFT, Feb 20, 2024
    #3
  4. Jeff Herr Win User

    Windows Firewall issue with outbound rule

    We block all outbound here for a number of good reasons beyond the scope of this issue.

    We are on win10 1703. A new A/D site was added during the prior week and I found that all of the management tools for DNS, DHCP, etc. failed with various errors such as access denied.

    The firewall logs show that port 135 outbound was being blocked.

    This is in spite of the fact that a rule is in place to allow this traffic.

    I modified the rule to explicitly define the remote addresses rather than using the "Intranet" term which resulted in no behavior change.

    Adding an ANY/ANY/ANY rule allows traffic.

    Do we have a bug?
     
    Jeff Herr, Feb 20, 2024
    #4
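
For the outbound drops described in posts #1 and #4, the Windows Filtering Platform can report which filter discarded the packet, which shows whether the drop comes from a firewall rule, an IPsec policy, or another filter. This is an added example, not part of the original posts; it assumes an elevated PowerShell session, and `$Target` is a constructed placeholder address for a host in the unreachable subnet.

```powershell
# Added example: identify the WFP filter that is dropping outbound traffic.
$Target = '192.0.2.10'                       # constructed placeholder
$Dump   = Join-Path $env:TEMP 'wfp-filters.xml'

# 1. Turn on failure auditing for WFP drops (Security events 5152 and 5157).
auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable
auditpol /set /subcategory:"Filtering Platform Connection"  /failure:enable

# 2. Reproduce the failure so a fresh drop event is written.
$start = Get-Date
Test-NetConnection -ComputerName $Target | Out-Null

# 3. Collect drop events for that destination and pull out the filter ID.
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 5152, 5157; StartTime = $start }
$hits = foreach ($e in $events) {
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    if ($d.DestAddress -eq $Target) {
        [pscustomobject]@{
            Time = $e.TimeCreated; EventId = $e.Id; App = $d.Application
            DestPort = $d.DestPort; FilterId = $d.FilterRTID; Layer = $d.LayerName
        }
    }
}
$hits | Format-Table -AutoSize

# 4. Dump the active WFP filters and look up each filter ID seen above.
netsh wfp show filters file=$Dump | Out-Null
foreach ($id in ($hits.FilterId | Sort-Object -Unique)) {
    Select-Xml -Path $Dump -XPath "//item[filterId='$id']" | ForEach-Object {
        [pscustomobject]@{
            FilterId = $id
            Name     = $_.Node.displayData.name
            Action   = $_.Node.action.type
        }
    }
}

# 5. Restore the audit policy; these subcategories are noisy.
auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable
auditpol /set /subcategory:"Filtering Platform Connection"  /failure:disable
```

If step 5 would disable auditing that was already enabled by policy before the test, skip it and leave the existing audit settings in place.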