Script to display Firewall profile settings on Windows

Firewall profile information can be useful for troubleshooting firewall issues and verifying compliance with organizational policies. You can access the Firewall settings on a Windows device by navigating to the Start menu and searching for Windows Firewall. But this is not feasible in case of multiple endpoints when the IT admin needs to check the Firewall settings in all of them. In such cases, a script can be used to retrieve and present the firewall configuration information for the current system, including information about the Firewall profiles (i.e., domain, private, and public), the inbound and outbound rules, and the Firewall state. Learn how to push this script via Execute Custom Script action to display Firewall profile settings of Windows devices.

Batch Script

• To display firewall profile settings for all profiles:
  Display Firewall profile settings

  netsh advfirewall show allprofiles

  1	netsh advfirewall show allprofiles

  Replace ‘allprofiles’ with ‘domain’, ‘public’, or ‘private’ to show the Firewall settings for that profile.

  Domain: This profile applies to networks where the host system can authenticate to a domain controller.

  Public: This profile is used to designate public networks such as Wi-Fi hotspots at public places.

  Private: This profile is a user-assigned profile and is used to designate private or home networks.

  On execution of the above command, the following values will be displayed:

  • “Profile Name” Profile Settings:
  • State
  • Firewall Policy Inbound/Outbound
  • LocalFirewallRules
  • LocalConsecRules
  • InboundUserNotification
  • RemoteManagement
  • UnicastResponse ToMulticast
  • LogAllowdConnections
  • LogDroppedConnections
  • FileName
  • MaxFileSize
• To display the list of all active firewall rules:
  Display all Firewall rules

  netsh advfirewall firewall show rule name=all

  1	netsh advfirewall firewall show rule name=all

  On execution of the above command, the following values will be displayed:

  • Rule Name “Name of the rule”
  • Enabled
  • Direction
  • Profiles
  • Grouping
  • LocalIP
  • RemoteIP
  • Protocol
  • LocalPort
  • RemotePort
  • Edge trasnversal
  • Action
• To display IP addresses and ports associated with a firewall rule:
  Display Ip address and ports in a Firewall rule

  netsh advfirewall firewall show rule name="Firewall rule name" verbose | findstr "LocalIP LocalPort RemoteIP RemotePort"

  1	netsh advfirewall firewall show rule name="Firewall rule name" verbose | findstr "LocalIP LocalPort RemoteIP RemotePort"

  Replace “Firewall rule name” with the required Firewall rule.

  On execution of the above command, the following values will be displayed:

  • LocalIP
  • RemoteIP
  • LocalPort
  • RemotePort

  For eg: To display the IP addresses associated with firewall rule name“Google Chrome (mDNS-In)” use:

  Display Ip address and ports in a Firewall rule

  netsh advfirewall firewall show rule name="Google Chrome (mDNS-In)" verbose | findstr "LocalIP LocalPort RemoteIP RemotePort"

  1	netsh advfirewall firewall show rule name="Google Chrome (mDNS-In)" verbose | findstr "LocalIP LocalPort RemoteIP RemotePort"

• To display a list of enabled firewall rules:

  For Inbound traffic:

  List active firewall rule for inbound traffic

  netsh advfirewall firewall show rule name=all | findstr "Enabled: Yes Direction: In"

  1	netsh advfirewall firewall show rule name=all | findstr "Enabled: Yes Direction: In"

  For Outbound traffic:

  List active firewall rule for Outbound traffic

  netsh advfirewall firewall show rule name=all | findstr "Enabled: Yes Direction: Out"

  1	netsh advfirewall firewall show rule name=all | findstr "Enabled: Yes Direction: Out"

  On execution of the above two commands, the following values will be displayed:

  • Rule Name: “Name of the FireWall rule”
  • Enabled
  • Direction
  • Edge transversal

PowerShell Script

• To display firewall profile settings for all profiles:
  Display Firewall profile settings

  Get-NetFirewallProfile

  1	Get-NetFirewallProfile

  On execution of the above command, the following values will be displayed:

  • Name
  • Enabled
  • DefaultInboundAction
  • DefaultOutboundAction
  • AllowedInboundRules
  • AllowedLocalFirewallRules
  • AllowLocalIPsecRules
  • AllowUnicastResponseToMulticast
  • NotifyOnListen
  • EnableStealthModeForIPsec
  • LogFileName
  • LogMaxSizeKilobytes
  • LogAllowed
  • LogBlocked
  • LogIgnored
  • DisabledInteraceAliases

  Add ‘Domain,’ ‘Private,’ or ‘Public’ as parameter to display Firewall settings across respective profiles.
  For example, to display the Firewall settings for the domain profile, use :

  Display Firewall profile settings

  Get-NetFirewallProfile Domain

  1	Get-NetFirewallProfile Domain

• To display a list of enabled firewall rules:
  To display Firewall profile that are enabled

  Get-NetFirewallProfile | Select Name, Enabled

  1	Get-NetFirewallProfile | Select Name, Enabled

  On execution of the above command, the following values will be displayed:

  • Name
  • Domain
  • Private
  • Public
• To display the list of all active firewall rules:
  To display list of all active firewall rules

  Get-NetFirewallRule

  1	Get-NetFirewallRule

  On execution of the above command, the following values will be displayed:

  • Name
  • DisplayName
  • Description
  • DisplayGroup
  • Group
  • Enabled
  • Profile
  • Platform
  • Direction
  • Action
  • EdgeTransversalPolicy
  • LocalSourceMapping
  • LocalOnlyMapping
  • Owner
  • PrimaryStatus
  • Status
  • EnforcementStatus
  • PolicyStoreSource
  • PolicyStoreSourceType
  • RemoteDynamicKeywordAddresses
• To display the IP address filters associated with a specific firewall rule:
  Display IP address firewall rule

  Get-NetFirewallRule -DisplayName 'Firewall rule name'|Get-NetFirewallAddressFilter

  1	Get-NetFirewallRule -DisplayName 'Firewall rule name'|Get-NetFirewallAddressFilter

  On execution of the above command, the following values will be displayed:

  • LocalAddress
  • RemoteAddress

  For eg: To display the IP address filters associated with firewall rule “Google Chrome (mDNS-In)” use:

  Display IP address firewall rule

  Get-NetFirewallRule -DisplayName 'Google Chrome (mDNS-In)'|Get-NetFirewallAddressFilter

  1	Get-NetFirewallRule -DisplayName 'Google Chrome (mDNS-In)'|Get-NetFirewallAddressFilter

• To display list of firewall rules that are set to block traffic:

  For Inbound traffic:

  List Inbound blocking rules

  Get-NetFirewallRule -Action Block -Enabled True -Direction Inbound

  1	Get-NetFirewallRule -Action Block -Enabled True -Direction Inbound

  For Outbound traffic:

  List Outbound blocking rules

  Get-NetFirewallRule -Action Block -Enabled True -Direction Outbound

  1	Get-NetFirewallRule -Action Block -Enabled True -Direction Outbound

  On execution of the above two commands, the following values will be displayed:

  • Name
  • DisplayName
  • Description
  • DisplayGroup
  • Group
  • Enabled
  • Profile
  • Platform
  • Direction
  • Action
  • EdgeTransversalPolicy
  • LocalSourceMapping
  • LocalOnlyMapping
  • Owner
  • PrimaryStatus
  • Status
  • EnforcementStatus
  • PolicyStoreSource
  • PolicyStoreSourceType
  • RemoteDynamicKeywordAddresses
• To display a list of enabled firewall rules:

  For Inbound traffic:

  List active firewall rule for Inbound traffic

  Get-NetFirewallRule | where {($_.enabled -eq $True) -and ($_.Direction -eq "Inbound")} |ft

  1	Get-NetFirewallRule | where {($_.enabled -eq $True) -and ($_.Direction -eq "Inbound")} |ft

  For Outbound traffic:

  List active firewall rule for Outbound traffic

  Get-NetFirewallRule | where {($_.enabled -eq $True) -and ($_.Direction -eq "Outbound")} |ft

  1	Get-NetFirewallRule | where {($_.enabled -eq $True) -and ($_.Direction -eq "Outbound")} |ft

  On execution of the above two commands, the following values will be displayed:

  • Lists the name of all the firewall rules.(For Inbound/ Outbound)