How to change an existing GPO firewall rule with PowerShell? Set-NetFirewallRule?

Question

I need to replace an IP address in an existing GPO firewall rule. I am able to create a new one with "New-NetFirewallRule -GPOSession $GpoSession -DisplayName test -RemoteAddress '192.168.1.99' -Action Block". But "Set-NetFirewallRule -GPOSession $GpoSession -DisplayName test-RemoteAddress '192.168.1.100'" doesn't work. "Set-NetFirewallRule : A parameter cannot be found that matches parameter name 'GPOSession'". Please help. Thank you.

Answer 1

Hi VadimK4,

Thank you for posting in the Microsoft Community Forums.

First, retrieve the GPO session:

$GpoSession = Get-NetFirewallGPO -PolicyStore 'domain.local' | Where-Object {$_.DisplayName -eq 'YourGPOName'} | Get-NetFirewallRule

Replace 'domain.local' with your domain name, and 'YourGPOName' with the name of your GPO.

Next, find the rule to be modified:

$Rule = Get-NetFirewallRule -GPOSession $GpoSession -DisplayName 'YourRuleName'

Replace 'YourRuleName' with the name of the rule you want to modify.

Then, remove the existing rule using Remove-NetFirewallRule:

Remove-NetFirewallRule -GPOSession $GpoSession -DisplayName 'YourRuleName'

Finally, create a new firewall rule with the updated IP address:

New-NetFirewallRule -GPOSession $GpoSession -DisplayName 'YourRuleName' -RemoteAddress '192.168.1.100' -Action Allow

Replace 'YourRuleName' with the name of the rule, and '192.168.1.100' with the new IP address you want to set.

This way, you'll be able to successfully replace the IP address in an existing GPO firewall rule.

Best regards

Neuvi Jiang

Answer 2

It works. That's what I did. Thank you.