Configure Windows Firewall via Group Policy

Ehsan Shakeeb 21 Reputation points
2022-04-19T18:53:20.237+00:00

Hello,

Our company wants to restrict communication between servers and clients. They have decided to enable Windows Firewall via Group Policy and open only the required ports. We have a client/server environment with multiple Active Directory servers, a Microsoft AX application server and a few more servers that communicate with the clients.

I have been given the task to perform this in the following ways:

  • Outbound Connection from the server can be Any
  • Inbound connection to restrict with ports
  • Client Firewall and Server Firewall must be turned on via GPO
  • Allow only Specific Inbound Ports from Both Server and Client Side.
  • Create Separate OU for Client and Server machine

Can you help to know how I can achieve the above and what kind of

Regards,

Ehsan


4 answers

  1. Dave Patrick 426.1K Reputation points MVP
    2022-04-19T18:57:02.953+00:00

  2. Limitless Technology 39,351 Reputation points
    2022-04-21T10:02:24.7+00:00

    Hi EhsanShakeeb-3732,

    You will need to open specific ports and allow specific applications in order to allow the services you require to work. You haven't listed everything you need, but here's a link to the firewall settings for Microsoft Dynamics AX:

    https://learn.microsoft.com/en-us/dynamicsax-2012/appuser-itpro/firewall-settings-for-microsoft-dynamics-ax-components

    Here is a link to the firewall configuration for AD domains:

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts

    You can manage Windows Firewall via Group Policy:

    https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security

    --------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--


  3. Ehsan Shakeeb 21 Reputation points
    2022-04-21T13:03:28.747+00:00

    Hello,

    Thank you for the above posts. I just want to ask: enabling the firewall via GPO doesn't take care of Active Directory communication (server to server, server to client and client to server), so do we have to enable the ports for communication?

    Kindly advise.

    Regards,


  4. Dave Patrick 426.1K Reputation points MVP
    2022-04-21T13:36:04.6+00:00

    Active Directory communication server to server and Server to Client and Client to Server do we have enable the ports for communication.

    Nothing needs to be done assuming both got the domain network profile. When NLA starts to detect the network location, the machine will contact a domain controller via port 389. If this detection is successful, it will get the domain firewall profile (allowing for correct ports) and we cannot change the network location profile.
    If the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
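    The two answers above cover the two halves of the task: pushing firewall settings and port rules through a GPO, and relying on NLA to select the domain profile on members. The following PowerShell is an added example, not code from this thread or from Microsoft's documentation. It assumes a pre-created GPO named "Server Firewall Policy" in the domain contoso.example, linked to the server OU, and uses a constructed subset of inbound ports (LDAP 389 from the thread, plus Kerberos 88 and SMB 445); the real list must come from the linked AD and Dynamics AX articles.

```powershell
# Added example (not from the thread). Requires the GroupPolicy and NetSecurity
# modules (RSAT) and domain admin rights. Assumed GPO name and domain below.
$PolicyStore = 'contoso.example\Server Firewall Policy'   # assumed, not from the page

# Open a GPO session so all changes are batched and written once at the end.
$gpo = Open-NetGPO -PolicyStore $PolicyStore

# Requirements from the question: firewall on for every profile,
# outbound Any, inbound blocked unless explicitly allowed.
# AllowLocalFirewallRules False means only GPO-delivered rules are honoured.
Set-NetFirewallProfile -GPOSession $gpo -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -AllowLocalFirewallRules False

# Constructed example subset of inbound ports. Replace with the full list
# from the AD and Dynamics AX firewall articles linked above.
$InboundPorts = @(
    @{ Name = 'AD-LDAP-TCP'; Protocol = 'TCP'; Port = 389 },
    @{ Name = 'AD-LDAP-UDP'; Protocol = 'UDP'; Port = 389 },
    @{ Name = 'AD-Kerberos'; Protocol = 'TCP'; Port = 88  },
    @{ Name = 'SMB';         Protocol = 'TCP'; Port = 445 }
)

# Scope the allow rules to the Domain profile only: a machine that NLA did not
# classify as domain-joined falls back to Private/Public and stays closed.
foreach ($p in $InboundPorts) {
    New-NetFirewallRule -GPOSession $gpo -DisplayName "Allow In $($p.Name)" `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $p.Protocol -LocalPort $p.Port -Enabled True
}

# Commit every queued change to the GPO in one operation.
Save-NetGPO -GPOSession $gpo

# --- Verification on a member machine after 'gpupdate /force' ---
# NLA must report DomainAuthenticated; otherwise the stricter profile applies
# and the Domain-scoped allow rules are not in effect.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
# Rules delivered by Group Policy carry the GPO name as their PolicyStoreSource.
Get-NetFirewallRule -PolicyStoreSourceType GroupPolicy -Direction Inbound |
    Select-Object DisplayName, Enabled, Profile, PolicyStoreSource
```

    A second GPO for the client OU can be built the same way with a smaller inbound list; the verification commands at the end are the quickest way to confirm that a machine actually landed in the domain profile rather than Public.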