The Windows Firewall Policy lets you configure the built-in firewall across various network profiles to enhance network security and manage inbound and outbound traffic on Windows devices. This policy balances security and functionality by providing granular control over firewall behavior in both domain and standard network environments.
This policy works on all JumpCloud-supported operating systems. However, individual settings may not be applicable to all versions of Windows.
To configure a Windows Firewall policy:
- Log in to the JumpCloud Admin Portal.
- Go to DEVICES > Policy Management.
- In the All tab, click (+).
- Select the Windows tab.
- Select the Windows Firewall policy, then click configure.
- (Optional) In the Policy Name field, enter a new name for the policy or keep the default. Policy names must be unique.
- (Optional) In the Policy Notes field, enter details like when you created the policy, where you tested it, and where you deployed it.
- Under Settings, select from the following configurations:
  - Windows Firewall: Allow local port exceptions (domain profile): This setting allows exceptions for local network ports specifically for the domain network profile. It permits certain ports to bypass the firewall rules for inbound or outbound traffic within a domain network.
  - Windows Firewall: Allow local port exceptions (standard profile): Similar to the previous setting, but applies to the standard network profile. It allows exceptions for local network ports in non-domain network environments.
  - Windows Firewall: Allow local program exceptions (standard profile): This setting allows exceptions for specific programs to communicate through the firewall in non-domain network environments.
  - Windows Firewall: Allow local program exceptions (domain profile): Similar to the previous setting, but applies to domain network environments. It allows specific programs to bypass the firewall rules for communication within a domain network.
  - Windows Firewall: Do not allow exceptions (standard profile): This setting prohibits any exceptions for ports or programs in non-domain network environments. It ensures that all traffic must adhere strictly to the firewall rules.
  - Windows Firewall: Do not allow exceptions (domain profile): Similar to the previous setting, but applies to domain network environments. It prohibits any exceptions for ports or programs within a domain network.
  - Windows Firewall: Prohibit notifications (standard profile): This setting disables notifications related to Windows Firewall activities in non-domain network environments.
  - Windows Firewall: Prohibit notifications (domain profile): Similar to the previous setting, but applies to domain network environments. It disables notifications related to Windows Firewall activities within a domain network.
  - Windows Firewall: Prohibit unicast response to multicast or broadcast requests (domain profile): This setting prevents the system from responding to unicast requests that are initiated through multicast or broadcast in domain network environments.
  - Windows Firewall: Prohibit unicast response to multicast or broadcast requests (standard profile): Similar to the previous setting, but applies to non-domain network environments. It prevents the system from responding to unicast requests initiated through multicast or broadcast.
  - Windows Firewall: Protect all network connections (domain profile): This setting enhances network security by protecting all network connections within a domain network environment.
  - Windows Firewall: Protect all network connections (standard profile): Similar to the previous setting, but applies to non-domain network environments. It enhances network security by protecting all network connections in such environments.
- (Optional) To apply this policy to device groups, select the Device Groups tab. Select one or more device groups that will use this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
- (Optional) To apply this policy directly to devices, select the Devices tab. Select one or more devices that will use this policy.
For this policy to take effect, you must specify a device or a device group.
- Click save.
- Restart all devices where you applied this policy for it to take effect.
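
To confirm the result on a device after the restart, the following added example (not JumpCloud's own code) compares the effective Windows Firewall profile state with the values you expect. The `$expected` table is a constructed sample, and the mapping of each `Get-NetFirewallProfile` property to a policy setting, as well as the treatment of the Private and Public profiles as the "standard profile", are assumptions of this example.

```powershell
# Added example: audit effective firewall profile settings after the policy applies.
# $expected is a constructed sample; edit it to match the settings you selected.
# The setting named in each comment is this example's assumed mapping.
$expected = @{
    Enabled                         = 'True'   # Protect all network connections
    AllowInboundRules               = 'True'   # 'False' when "Do not allow exceptions" is on
    AllowUserApps                   = 'False'  # Allow local program exceptions
    AllowUserPorts                  = 'False'  # Allow local port exceptions
    NotifyOnListen                  = 'False'  # 'False' when "Prohibit notifications" is on
    AllowUnicastResponseToMulticast = 'False'  # 'False' when "Prohibit unicast response" is on
}

# ActiveStore is the merged result of local and policy-delivered settings,
# so it shows what the firewall is actually enforcing.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

$report = foreach ($p in $profiles) {
    foreach ($name in $expected.Keys) {
        # Property values are GpoBoolean enums: True, False or NotConfigured.
        $actual = [string]$p.$name
        [pscustomobject]@{
            Profile  = $p.Name      # Domain, Private or Public
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Match    = ($actual -eq $expected[$name])
        }
    }
}

$report | Sort-Object Profile, Setting | Format-Table -AutoSize

# Exit non-zero on drift so the check can be scheduled or run remotely.
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning "$($drift.Count) setting(s) differ from the expected policy."
    exit 1
}
```

Run it in an elevated PowerShell session on the managed device. Any row with `Match` set to `False` identifies the profile and setting to recheck in the policy.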