Windows 10 Firewall (Collect and Add Entries)


    I was working with a customer the other day and, in troubleshooting some issues they were having, we discovered that there were no Inbound firewall rules for BMC Client Management. This got me thinking about how to identify how many machines had also lost those settings (when the agent is installed, these entries are added to the firewall rules). When the security team uses GPOs to manage the local Windows "Defender" Firewall and is not aware of the requirement to allow inbound connections over TCP ports 1610 and 1611, things stop working as planned. The agents are always allowed outbound over any port, so when the agent checks in and discovers new assignments, they will be assigned and executed. Things may appear to work, but Remote Control will throw an error that the device is unreachable, and items you would expect to run immediately do not.

     

    I created a command line (actually, I searched the internet and stole most of it):

     

    Step: Execute Program
    PowerShell.exe -ExecutionPolicy ByPass -Command "Get-NetFirewallRule | Select Name, DisplayName, DisplayGroup,  @{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}}, @{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}, @{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}}, @{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}}, Enabled, Profile, Direction, Action | export-csv 'C:\BCM\Firewall_Rules.csv'"

     

    This will create a CSV file in the C:\BCM folder. The column headers are:

    Name, DisplayName, DisplayGroup, Protocol, LocalPort, RemotePort, RemoteAddress, Enabled, Profile, Direction, Action

     

    I found that it takes about 3-4 minutes to complete this step, and it is CPU/disk intensive. My CSV file had over 600 rows. If anyone is smart enough to make the above command line more efficient, please feel free to share.

     

    I also created a step to collect the settings for both port 1610 and 1611 using File Analysis via Regular Expression. If port 1610 is found in the file, it will be added to custom inventory along with port 1611. Here is the outcome of these steps. I used this as the REGEX: (.*"1610".*) and (.*"1611".*)
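    As an added example (my own code, not from the original post and not part of BMC Client Management), here is a PowerShell version of the same export that calls Get-NetFirewallPortFilter and Get-NetFirewallAddressFilter once each, joins the filters to the rules by InstanceID, and then checks the collected rows for an enabled inbound TCP allow rule covering 1610 and 1611, including port ranges and "Any". The output path and the function names are my own choices.

```powershell
# Added example, not from the original post. Assumes the NetSecurity module
# (Windows 8.1 / Server 2012 R2 and later); the path and function names are mine.
$OutFile = 'C:\BCM\Firewall_Rules.csv'

# Fetch every port and address filter once and index them by InstanceID,
# instead of querying the filters again for each of the 600+ rules.
$portByRule = @{}
Get-NetFirewallPortFilter    | ForEach-Object { $portByRule[$_.InstanceID] = $_ }
$addrByRule = @{}
Get-NetFirewallAddressFilter | ForEach-Object { $addrByRule[$_.InstanceID] = $_ }

$rows = foreach ($r in Get-NetFirewallRule) {
    $p = $portByRule[$r.InstanceID]
    $a = $addrByRule[$r.InstanceID]
    [pscustomobject]@{
        Name          = $r.Name
        DisplayName   = $r.DisplayName
        DisplayGroup  = $r.DisplayGroup
        Protocol      = $p.Protocol
        LocalPort     = ($p.LocalPort -join ',')     # arrays become "1610,1611"
        RemotePort    = ($p.RemotePort -join ',')
        RemoteAddress = ($a.RemoteAddress -join ',')
        Enabled       = [string]$r.Enabled
        Profile       = [string]$r.Profile
        Direction     = [string]$r.Direction
        Action        = [string]$r.Action
    }
}
New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null
$rows | Export-Csv -Path $OutFile -NoTypeInformation

# True when a LocalPort entry ("1610", "1600-1620" or "Any") covers $Port.
function Test-PortCovers([string]$Spec, [int]$Port) {
    if ($Spec -eq 'Any') { return $true }
    if ($Spec -match '^(\d+)-(\d+)$') { return ($Port -ge [int]$Matches[1]) -and ($Port -le [int]$Matches[2]) }
    return ($Spec -eq "$Port")
}

# Returns the required ports that have no enabled inbound TCP allow rule.
function Test-BmcAgentPorts($Rows, [int[]]$Ports = @(1610, 1611)) {
    foreach ($port in $Ports) {
        $hit = $Rows | Where-Object {
            $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' -and
            $_.Protocol -eq 'TCP' -and
            @($_.LocalPort -split ',' | Where-Object { Test-PortCovers $_ $port }).Count -gt 0
        }
        if (-not $hit) { $port }
    }
}

$missing = @(Test-BmcAgentPorts $rows)
if ($missing.Count) { "MISSING inbound TCP allow rule for port(s): $($missing -join ', ')" }
else                { 'BMC agent inbound rules (TCP 1610 and 1611) are present' }
```

    The final line can be used as the step's output in place of the File Analysis regex, and the same CSV is still written for inventory.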

    If you wish to use Workflow steps to create the rules when the File Analysis step fails to find port 1610 or 1611 in the CSV file, you can use the following:

    Step: Execute Program (each line requires a step)

    netsh advfirewall firewall add rule name="BMC Client Management Agent" dir=in action=allow protocol=TCP localport=1610

    netsh advfirewall firewall add rule name="BMC Client Management Agent" dir=in action=allow protocol=TCP localport=1611

     

    If you use GPOs to manage firewall rules, then you should have a GPO that creates these rules, because locally created rules will be deleted every time the PC is rebooted or a gpupdate /force is run.