9.3.5 Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

The recommended state for this setting is: No.

Note: When the Apply local firewall rules setting is configured to No, it's recommended to also configure the Display a notification setting to No. Otherwise, users will continue to receive messages that ask if they want to unblock a restricted inbound connection, but the user's response will be ignored.

Rationale:

When in the Public profile, there should be no special local firewall exceptions per computer. These settings should be managed by a centralized policy.

Impact:

Administrators can still create firewall rules, but the rules will not be applied.

Solution

To establish the recommended configuration via GP, set the following UI path to No:

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Settings Customize\Apply local firewall rules

Default Value:

Yes (default). (Firewall rules created by administrators will be applied.)

Additional Information:

Windows Firewall with Advanced Security Technical Implementation Guide:
Version 1, Release 7, Benchmark Date: April 27, 2018

Vul ID: V-17442
Rule ID: SV-54917r3_rule
STIG ID: WNFWA-000024
Severity: CAT II

See Also

https://workbench.cisecurity.org/files/3345