This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I set up a Windows Server 2022 Datacenter Hyper-V machine hosting a few Red Hat VMs. In the Security Logs I'm logging several Event IDs 5157 and 5152 per second showing blocked connections and blocked packets from my VMs. The Windows Filtering Platform is blocking UDP packets sent to the broadcast address for the virtual network hosting the VMs. This traffic is intentional and needs to be allowed. See screenshots below.
I have Windows Firewall allow rules implemented to allow all Inbound and Outbound UDP to the subnet just to see if it clears up the issue. I also unchecked the WFP from the virtual switch the VMs are connected. I'm not sure what additional steps to take to have the WFP allow this traffic.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hello,
When the audit displays the Filter Origin and Interface Index, you can determine the root cause of the network packet drop and on which interface it occurred. You can refer to the following links for troubleshooting:
Filter origin audit log | Microsoft Learn
Best Regards
Zunhui
The WSH Default filter origin. When I try to create an explicit allow rule for \device\harddiskvolume3\windows\system32\svchost.exe I get a message stating that "Windows services have been restricted with rules that allow expected behavior only."