Script to configure Firewall on Windows devices
Windows Firewall is a security mechanism that protects the device from unauthorized access. It helps secure endpoints and lets you create rules that regulate network traffic. This doc explains how to configure firewall settings and rules using scripts via Hexnode UEM.
Setting up Windows Firewall using scripts
You can use either Batch files or PowerShell commands to configure the firewall on Windows devices from the Hexnode console.
1. Batch Script
- To enable Firewall on all profiles (domain, private and public):
netsh advfirewall set allprofiles state on
- To disable Firewall on all profiles (domain, private and public):
netsh advfirewall set allprofiles state off
- To enable Firewall on current profile:
netsh advfirewall set currentprofile state on
Replace ‘currentprofile’ with ‘domainprofile’, ‘publicprofile’, or ‘privateprofile’ to set the Firewall state for a particular profile.
- To disable Firewall on current profile:
netsh advfirewall set currentprofile state off
Replace ‘currentprofile’ with ‘domainprofile’, ‘publicprofile’, or ‘privateprofile’ to set the Firewall state for a particular profile.
- To add a Firewall rule that blocks inbound traffic to the device for a given application (for instance, Google Chrome):
netsh advfirewall firewall add rule name="SetUpFirewall" dir=in program="C:\Program Files\Google\Chrome\Application\chrome.exe" action=block
- To allow inbound traffic to a port (here, TCP port 80) in Firewall:
netsh advfirewall firewall add rule name="Allow Port 80" dir=in action=allow protocol=TCP localport=80
- To block inbound traffic to a port (here, TCP port 80) in Firewall:
netsh advfirewall firewall add rule name="Block Port 80" dir=in action=block protocol=TCP localport=80
- To remove a configured Firewall rule:
netsh advfirewall firewall delete rule name="new_rule"
Replace new_rule with the name of the configured Firewall rule.
2. PowerShell Script
- To enable Firewall on all profiles (domain, private and public):
Set-NetFirewallProfile -All -Enabled True
Replace ‘-All’ with ‘-Profile Domain’, ‘-Profile Private’, or ‘-Profile Public’ to enable the Firewall on the respective profile.
- To disable Firewall on all profiles (domain, private and public):
Set-NetFirewallProfile -All -Enabled False
Replace ‘-All’ with ‘-Profile Domain’, ‘-Profile Private’, or ‘-Profile Public’ to disable the Firewall on the respective profile.
- To add a Firewall rule that blocks outbound traffic from the device for a given application (for instance, Google Chrome):
New-NetFirewallRule -Name "Chrome Internet Access" -DisplayName "Chrome Internet Access" -Direction Outbound -Program "C:\Program Files\Google\Chrome\Application\chrome.exe" -Enabled True -Profile Any -Action Block
- To allow a port for outbound traffic in Firewall:
New-NetFirewallRule -Name "Allow Port 80" -DisplayName "Allow Port 80" -Direction Outbound -Enabled True -Action Allow -Protocol TCP -RemotePort 80
- To block a port for outbound traffic in Firewall:
New-NetFirewallRule -Name "Block Port 80" -DisplayName "Block Port 80" -Direction Outbound -Enabled True -Action Block -Protocol TCP -RemotePort 80
- To remove a configured Firewall rule:
Remove-NetFirewallRule -Name "new_rule"
Replace new_rule with the name of the configured Firewall rule.
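The PowerShell commands above can be combined into one script that is safe to run repeatedly and that checks the resulting state. This is an added example, not Hexnode's own script; the rule name 'Block-Out-TCP-80' is a constructed sample value, and it assumes the script runs with administrative rights.

```powershell
# Added example: enable the firewall, apply one rule idempotently, verify.
$ErrorActionPreference = 'Stop'

# Constructed sample rule; the name and display name are illustrative.
$rule = @{
    Name        = 'Block-Out-TCP-80'
    DisplayName = 'Block outbound TCP 80'
    Direction   = 'Outbound'
    Action      = 'Block'
    Protocol    = 'TCP'
    RemotePort  = 80
    Enabled     = 'True'
    Profile     = 'Any'
}

try {
    # 1. Turn the firewall on for the Domain, Private and Public profiles.
    Set-NetFirewallProfile -All -Enabled True

    # 2. New-NetFirewallRule fails when a rule with the same -Name exists,
    #    so remove any earlier copy before recreating it.
    if (Get-NetFirewallRule -Name $rule.Name -ErrorAction SilentlyContinue) {
        Remove-NetFirewallRule -Name $rule.Name
    }
    New-NetFirewallRule @rule | Out-Null

    # 3. Verify the effective state. ActiveStore reflects what is actually
    #    enforced, including settings that Group Policy may override.
    $off = Get-NetFirewallProfile -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -ne 'True' }
    if ($off) { throw "Firewall still disabled on: $($off.Name -join ', ')" }

    $applied = Get-NetFirewallRule -Name $rule.Name
    $port    = ($applied | Get-NetFirewallPortFilter).RemotePort
    if ($applied.Action -ne 'Block' -or $port -ne '80') {
        throw "Rule '$($rule.Name)' does not match the expected settings."
    }

    Write-Output "Firewall enabled on all profiles; rule '$($rule.Name)' applied."
    exit 0
}
catch {
    # A non-zero exit code and a message make the failure visible in the output.
    Write-Output "Firewall configuration failed: $($_.Exception.Message)"
    exit 1
}
```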