SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell. Don’t disable Windows Firewall in your SCCM labs.

Is the Windows firewall disabled on your SCCM / ConfigMgr client machine? Is this because you are too lazy to configure or create Inbound and Outbound rules for applications like SCCM?

OK, I’m also becoming lazy these days for some good reasons 🙂 We can use PowerShell commands to create and enable firewall rules, and it’s not complex.

This post will walk you through creating Outbound Windows Firewall rules for the SCCM / ConfigMgr 2012 client using PowerShell commands.

Patch My PC
Index
SCCM ConfigMgr Client How to Create Windows Firewall
Import the Powershell Security Module for Windows Firewall
Powershell Command for Listing All the Noun Commands which have the “Firewall” Word
PowerShell Command to Edit/Enable the Predefined Rule in Windows Firewall
PowerShell Command to Create a Predefined Rule in Windows Firewall
Powershell Command to Create Outbound Firewall Rule for TCP Port
Run the Following Command to Create an Outbound Firewall Rule for Client Notification TCP Port 10123
Powershell Command to Create Outbound Firewall Rule for UDP Port 
List of All the Noun Commands which has the “Firewall” Word
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Table 1

SCCM ConfigMgr Client How to Create Windows Firewall

I’ve already blogged about creating Inbound rules in Windows Firewall. More details on How to Create Windows Firewall Inbound Rules for SCCM ConfigMgr 2012 Client. Following are the topics that I’m going to cover in this post.

SCCM ConfigMgr Client How to Create Windows Firewall
1. Import the Powershell Security module for Windows Firewall
2. Powershell command to list all the noun commands which have the “Firewall” word
3. PowerShell command to Edit/Enable the Outbound Predefined rule in Windows Firewall
4. PowerShell command to create a predefined rule in Windows Firewall
5.  Powershell command to Create Outbound Firewall rule for TCP Port
6.  Powershell command to Create Outbound Firewall rule for UDP Port
7. List of all the noun commands which has the “Firewall” word
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Table 2

Each topic is covered with screenshots and respective PowerShell commands. I’m still learning PowerShell (taking baby steps), so there could be other/better ways to achieve this task.

These topics are selected for SCCM 2012 client outbound communication port requirements. SCCM ConfigMgr Client: How do you create Windows Firewall Outbound Rules using PowerShell?

1. Import the Powershell Security Module for Windows Firewall

We must load the Windows Firewall Module as shown in the command line. Ensure that you run all these following commands as an administrator on Windows PowerShell ISE.

PS C:\Windows\system32> Import-Module NetSecurity

2. Powershell Command for Listing All the Noun Commands which have the “Firewall” Word

The GCM command will give us a List of all the noun commands with the word “Firewall.” A more Detailed Table of available commands is at the bottom of the post.

PS C:\Windows\system32> gcm -noun *Firewall*

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.1
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.1

3. PowerShell Command to Edit/Enable the Predefined Rule in Windows Firewall

Run the PowerShell command to Edit/Enable the Predefined rule in Windows Firewall for File and Printer Sharing Group. This is a bit tricky as there are two parts to it. When we already have Windows Firewall rules for the File and Printer sharing group, we can run the following command to enable those rules.

The second part is covered in point #4. For the SCCM/ConfigMgr 2012 client, we must allow the Inbound and Outbound Firewall rules for all the predefined ones under the File and Printer Sharing group.

  • All the Firewall Rules related to File and Printer Sharing are disabled 
Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction Outbound | Set-NetFirewallRule -Enabled True -Direction Outbound
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.2
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.2

Run the following Powershell command to LIST and enable the rules created under File and Printer Sharing. LIST Command:- (Get-NetFirewallRule -DisplayGroup “File and Printer Sharing” –Direction Outbound).DisplayName.

  • To Enable:- Get-NetFirewallRule -DisplayGroup “File and Printer Sharing” -Direction Outbound | Set-NetFirewallRule –Enabled True -Direction Outbound
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.3
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.3

 Rules under the File and Printer sharing group have been enabled now.

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.4
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.4

4. PowerShell Command to Create a Predefined Rule in Windows Firewall

When no Predefined firewall rules are present in the Windows Firewall console, we can’t use the SET-NetFirewallRule PowerShell command. Instead, we should use New-NetFirewallRule to create a new predefined rule in the Windows Firewall console.

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.5
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.5

Powershell command:- New-NetFirewallRule -DisplayName “File and Printer Sharing (NB-Datagram-Out)” -group “File and Printer Sharing” –Enabled True -Protocol udp -RemotePort 138 –Direction Outbound.

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.6
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.6

A file and Printer Sharing (NB-Datagram-Out) rule has been created. The screenshot was taken after running the Powershell command mentioned above.

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.7
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.7

5. Powershell Command to Create Outbound Firewall Rule for TCP Port

Run the Powershell command to create an Outbound Firewall rule for TCP Port 80 HTT communication. Powershell CMD: – New-NetFirewallRule -direction outbound -InterfaceType Any –Protocol TCP -RemotePort 80 -DisplayName “HTTP Communication”.
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.8
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.8

Run the Following Command to Create an Outbound Firewall Rule for Client Notification TCP Port 10123

Let’s discuss how to Run the following command to create an Outbound Firewall rule for Client Notification TCP Port 10123.

PS C:\Windows\system32> New-NetFirewallRule -direction outbound -InterfaceType Any -Protocol TCP -RemotePort 10123 -DiplayName “Client Notification TCP Port”Name : {42455662-3830-407c-9d1c-ee74b0313a73}
DisplayName : Client Notification TCP Port
Description :
DisplayGroup :
Group :
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus: OK
Status: The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.9
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.9

In the screenshot, the Windows Firewall with Advanced Security is open. To find the Client Notification TCP port, go to the “Outbound Rules” section and select it there.

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.10
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.10

6. Powershell Command to Create Outbound Firewall Rule for UDP Port 

When you use Network access protection and Wake on Lan, you must open the following UDP ports.
  • Outbound: UDP 67 and UDP 68 for DHCP
  • Outbound: TCP 80/443 for IPsec
  • Outbound: UDP Port 25536
  • Outbound: UDP Port 9

PS C:\Windows\system32> New-NetFirewallRule -direction outbound -InterfaceType Any –Protocol UDP -RemotePort 67,68,25536,9 –DisplayName “a network Access point UDP Ports”.

SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell - Fig.11
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Fig.11

7. List of All the Noun Commands which has the “Firewall” Word

Let’s discuss the list of all the noun commands with the Firewall word. The table below will help you to see more details.

CommandTypeNameModuleName
FunctionCopy-NetFirewallRuleNetSecurity
FunctionDisable-NetFirewallRuleNetSecurity
FunctionEnable-NetFirewallRuleNetSecurity
FunctionGet-NetFirewallAddressFilterNetSecurity
FunctionGet-NetFirewallApplicationFilterNetSecurity
FunctionGet-NetFirewallInterfaceFilterNetSecurity
FunctionGet-NetFirewallInterfaceTypeFilterNetSecurity
FunctionGet-NetFirewallPortFilterNetSecurity
FunctionGet-NetFirewallProfileNetSecurity
FunctionGet-NetFirewallRuleNetSecurity
FunctionGet-NetFirewallSecurityFilterNetSecurity
FunctionGet-NetFirewallServiceFilterNetSecurity
FunctionGet-NetFirewallSettingNetSecurity
FunctionNew-NetFirewallRuleNetSecurity
FunctionRemove-NetFirewallRuleNetSecurity
FunctionRename-NetFirewallRuleNetSecurity
FunctionSet-NetFirewallAddressFilterNetSecurity
FunctionSet-NetFirewallApplicationFilterNetSecurity
FunctionSet-NetFirewallInterfaceFilterNetSecurity
FunctionSet-NetFirewallInterfaceTypeFilterNetSecurity
FunctionSet-NetFirewallPortFilterNetSecurity
FunctionSet-NetFirewallProfileNetSecurity
FunctionSet-NetFirewallRuleNetSecurity
FunctionSet-NetFirewallSecurityFilterNetSecurity
FunctionSet-NetFirewallServiceFilterNetSecurity
FunctionSet-NetFirewallSettingNetSecurity
FunctionShow-NetFirewallRuleNetSecurity
FunctionShow-NetFirewallRuleNetSecurity
SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell – Table 3

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc…

2 thoughts on “SCCM ConfigMgr Client How to Create Windows Firewall Outbound Rules Using PowerShell”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.