Configuring Firewall Settings (Windows Modern)
The Firewall Settings option in the Windows Modern Firewall configuration sets the Global and Network settings for the Windows Defender Firewall on your Windows Modern devices. This can prevent unauthorized connections from the internet or other networks to your enterprise network. Do this when:
Global
Global Details | Description |
---|---|
Disable Stateful FTP | Specify the stateful File Transfer Protocol (FTP) switch. When off, the firewall performs stateful FTP and filters to approve secondary connections. When on, it disables the stateful FTP. |
Enable Packet Queue | Specify how to enable scaling for the software on the receiving side for both the encrypted receive and the clear text forward path in the IPsec tunnel gateway scenario. This also preserves packet order. This value has an integer data type and considers flag combinations. |
Preshared Key Encoding | Specify the pre-shared key encoding for the firewall. |
Security association idle time | Specify the security association idle time in seconds. After
network traffic is not identified for a specified period, it
deletes security assocations.
Restriction: This value must be
within 300 to 3,600 seconds, inclusive. |
IPsec Exceptions | Specify protocols to include in the IPsec exceptions for the firewall. |
Network
Network Details | Description |
---|---|
Enable Domain/Private/Public Network Firewall | Enable to configure the type of firewall. This is the firewall and advanced security enforcement switch. The server does not block network traffic when off, despite any other policy settings. |
Default Inbound Action | Specify the default firewall action on inbound connections. The default is the block action. |
Default Outbound Action | Specify the default firewall action on outbound connections. The default is the block action. |
Global Ports Allow User Pref Merge | Specify the behavior for global port firewall rules. When
turned off, the firewall does not enforce any global port
firewall rule in the local store. The Group Policy store or the
GroupPolicyRSoPStore itemizes this setting. |
Allow Local Policy Merge | Specify the behavior for the local policy merge. When off, the firewall rules from the local store are not applied. |
Allow Local IPsec Policy Merge | Specify the behaviour for the local IPsec policy merge. When off, the firewall ignores all connection security rules from the local store aregardless of schema and connection security rule versions. |
Auth Apps Allow User Pref Merge | Specify the behaviour for the application firewall rules. When off, the firewall ignores all authorized application firewall rules from the local store. |
Shielded | Specify the behaviour for shielding. When on, EnableFirewall is also on, blocking all incoming traffic from the server regardless of other policy settings. |
Disable Inbound Notifications | Specify the behavior for inbound notifications. When off, the firewall can iinform users when a port blocks an application from listening on it. When on, the firewall does not display notifications. |
Disable Stealth Mode | Specify the behavior of stealth mode. When off, the server operates in stealth mode. When on, it disables stealth mode according to the firewall rules. |
Disable Stealth Mode IPsec Secured Packet Exemption | Specify the behavior for stealth mode IPsec secured packet exemption. This option is exempt if DisableStealthMode is on. When on, the IPsec secures the given network traffic, and the firewall's stealth mode rules do not prevent the host computer from responding to unsolicited network traffic. |
Disable Unicast Responses To Multicast Broadcast | Specify the behavior for logging successful inbound connections. When on, the firewall logs all successful inbound connections. Specify the behavior of unicast responses to multicast broadcasts. When on, it blocks the unicast responses to multicast broadcast traffic. |
Log Dropped Packets | Specify the behaviour for logging dropped packets. When on, the firewall logs all dropped packets. |
Log Ignored Rules | Specify the behavior for logging ignored rules. When on, the server can use this value to control the logging of events when a rule is not enforced. |