Windows firewall rules not applying sometimes

ost 1 Reputation point
2021-11-09T12:22:41.437+00:00

Is there a Windows Firewall specialist here who could direct me to solving this problem with WinFW?
The situation is that sometimes, after a reboot of Windows Server 2019, all inbound connections are denied; the server is not pingable.
"Sometimes" means anywhere from a few reboots up to 100 reboots. The problem is that after a Windows update, or after rebooting many servers, there is at least one that does not come back on the network :(

When I log in locally and open Windows Defender Firewall with Advanced Security on Local Computer settings, I see that the Inbound Rules exist. If I go to Monitoring > Firewall, I see only the Cortana, Work from School, Desktop App Web Viewer, Work or school account and Your account rules. So the rules defined in the Inbound settings do not apply. If I create a new PING rule in Inbound Rules, the server starts pinging, but this is still the only rule that works. If I run gpupdate, then all rules start working again. If I do not run gpupdate, the server can stay like this (not pingable) for days, so the automatic gpupdate does not fix this.

What I have tried so far:
secpol - Public Key Policies - Certificate Path Validation Settings - Network Retrieval - defined, with both limits set to 1 sec. These are the settings mentioned here for a similar problem:
https://serverfault.com/questions/547593/windows-firewall-blocks-nearly-all-traffic-after-reboot

WinFW always has the Domain Profile. The NLA service is set to Delayed Start to make sure of it.

netsh advfirewall show global

StrongCRLCheck 0:Disabled


2 answers
  1. Limitless Technology 39,391 Reputation points
    2021-11-12T08:55:37.98+00:00

    Hi there,

    I would suggest following the best practices for configuring Windows Defender Firewall.

    Windows Defender Firewall with Advanced Security provides host-based, two-way network traffic filtering and blocks unauthorized network traffic flowing into or out of the local device. Configuring your Windows Firewall based on the following best practices can help you optimize protection for devices in your network.

    https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring

    You can also follow the steps in the forum thread below and see if it is helpful:
    https://social.technet.microsoft.com/Forums/windows/en-US/f2bf0f58-6332-44ec-81c9-61e2b42097dd/firewall-rule-doesnt-work?forum=win10itpronetworking



  2. Ostud 1 Reputation point
    2022-08-16T10:23:19.62+00:00

    Hi,
    Just in case somebody else finds this topic: one of the reasons for the fault to happen is when, in GP, registry processing on every GP update is turned ON.

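The following PowerShell script is an added example, not code from the original thread or from Microsoft. It checks the symptom described in the question (rules listed under Inbound Rules but absent from Monitoring > Firewall) by comparing the rules defined locally (PersistentStore) and delivered by Group Policy (RSOP) against the rules the engine actually loaded (ActiveStore), reads the "Configure registry policy processing" setting named in the second answer, and can optionally run the gpupdate workaround the question reports as effective. The registry key path and value names (NoGPOListChanges, NoBackgroundPolicy) used for that client-side extension are assumptions to verify on your build; the function names are mine.

```powershell
# Added diagnostic for the thread above; not part of the original post or answers.
# Assumes Windows Server 2019 with the built-in NetSecurity module and an
# elevated PowerShell session.

# ASSUMPTION: registry location written by the "Configure registry policy
# processing" GPO setting (the registry client-side extension). Verify on your build.
$RegistryCseKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}'

function Get-FirewallRuleGap {
    # Rules the box should be enforcing: local rules (PersistentStore) plus
    # rules delivered by GPO (RSOP). RSOP is skipped silently on non-domain hosts.
    $defined = @(Get-NetFirewallRule -PolicyStore PersistentStore -Direction Inbound -Enabled True) +
               @(Get-NetFirewallRule -PolicyStore RSOP -Direction Inbound -Enabled True -ErrorAction SilentlyContinue)
    $defined = @($defined | Sort-Object -Property Name -Unique)

    # Rules the firewall engine actually loaded; this is what Monitoring > Firewall shows.
    $active = @(Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True)
    $activeNames = $active | ForEach-Object { $_.Name }

    $missing = @($defined | Where-Object { $activeNames -notcontains $_.Name })
    [pscustomobject]@{
        DefinedInbound = $defined.Count
        ActiveInbound  = $active.Count
        MissingRules   = @($missing | ForEach-Object { $_.DisplayName })
    }
}

function Get-RegistryPolicyProcessing {
    # ASSUMPTION on value semantics: NoGPOListChanges = 0 means "process even if
    # the GPOs have not changed" (the setting the second answer blames);
    # NoBackgroundPolicy = 1 means "do not apply during periodic background processing".
    # A missing key means the default (process only when the GPO list changed).
    $props = Get-ItemProperty -Path $RegistryCseKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        KeyPresent               = [bool]$props
        ProcessEvenIfUnchanged   = [bool]($props -and $props.NoGPOListChanges -eq 0)
        SkipBackgroundProcessing = [bool]($props -and $props.NoBackgroundPolicy -eq 1)
    }
}

function Test-FirewallState {
    param([switch]$Repair)

    $state = [pscustomobject]@{
        # Domain-joined servers should report DomainAuthenticated here; anything
        # else means the Domain profile (and its rules) is not the one in effect.
        NetworkCategory = ((Get-NetConnectionProfile | ForEach-Object { $_.NetworkCategory }) -join ',')
        NlaService      = (Get-Service -Name NlaSvc).Status
        FirewallService = (Get-Service -Name MpsSvc).Status
        RuleGap         = Get-FirewallRuleGap
        RegistryPolicy  = Get-RegistryPolicyProcessing
    }

    if ($Repair -and $state.RuleGap.MissingRules.Count -gt 0) {
        # The workaround reported in the question: a forced policy refresh reloads the rule set.
        gpupdate.exe /target:computer /force | Out-Null
        $after = Get-FirewallRuleGap
        Write-Host ("Inbound rules active after gpupdate: {0} of {1} defined" -f $after.ActiveInbound, $after.DefinedInbound)
    }
    return $state
}

# Usage: run the diagnostic; add -Repair to apply the gpupdate workaround when rules are missing.
Test-FirewallState | Format-List
```

Run it on a server in the broken state and compare DefinedInbound with ActiveInbound: a large gap with a Domain-authenticated network category and both services running points at the policy-processing path rather than at NLA, which is the direction the second answer gives. Scheduling the script with -Repair at boot is a stopgap only; the setting it reports should be fixed in the GPO, not by editing the registry key directly, since Group Policy rewrites that key on every refresh.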