Inbound Firewall Rule in Windows OS using [New-NetFirewallRule]

  • Question

  • I was trying to create an inbound firewall rule using the command line below, but was unable to do so.

    New-NetFirewallRule -DisplayName "ConfigMgrRule" -Direction Inbound -LocalPort 80,445,8530 -Protocol TCP -Action Allow -Enabled True -Profile Any -RemoteMachine SVR1 -Verbose


    Error I'm receiving is below:

    New-NetFirewallRule : The authorized remote machines list contains invalid characters, or is an invalid length.
    At line:1 char:1
    + New-NetFirewallRule -DisplayName "ConfigMgrRule" -Direction Inbound - ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [New-NetFirewallRule], CimException
        + FullyQualifiedErrorId : HRESULT 0x80070057,New-NetFirewallRule

    Note: The machine which I am trying to add is in the same domain as the machine where I am trying to add this rule.


    Cheers! G Praveen | Blog: https://insideconfigmgr.wordpress.com/

    Tuesday, April 23, 2019 7:15 AM

Answers

  • I read the help content and DOCS site as well before posting this here. But I again went to the site and tried finding it and that came up successfully.

    Below is the code which I've used:

    New-NetFirewallRule -DisplayName "ConfigMgrRule" -Direction Inbound -LocalPort 80,445,8530 -Protocol TCP -Action Allow -Enabled True -Profile Any -Authentication Required -RemoteMachine "O:LSD:(A;;CC;;;S-1-5-21-3722371568-3304791771-2777591244-284213)" -OverrideBlockRules 1 -Verbose
    New-NetFirewallRule -DisplayName "ConfigMgrRule" -Direction Outbound -LocalPort 80,445,8530 -RemotePort 80,445,8530 -Protocol TCP -Action Allow -Enabled True -Profile Any -Authentication Required -RemoteMachine "O:LSD:(A;;CC;;;S-1-5-21-3722371568-3304791771-2777591244-284213)" -OverrideBlockRules 1 -Verbose

    Thanks for the suggestion BTW!


    Cheers! G Praveen | Blog: https://insideconfigmgr.wordpress.com/

    • Marked as answer by Bill_Stewart Wednesday, September 4, 2019 9:26 PM
    Tuesday, April 23, 2019 10:13 AM
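
The answer above hard-codes the computer account's SID inside the SDDL string. The following added example (not part of the thread or of Microsoft's documentation) resolves the SID from the computer name and builds the same `O:LSD:(A;;CC;;;<SID>)` form, generalized to several computers. The function name `ConvertTo-RemoteMachineSddl` is hypothetical, and the default domain assumes the target computers are in the current user's domain.

```powershell
# Added example: build the SDDL value for -RemoteMachine from computer names.
function ConvertTo-RemoteMachineSddl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]] $ComputerName,
        # Assumption: the computers are in the current user's domain.
        [string] $Domain = $env:USERDOMAIN
    )

    $aces = foreach ($name in $ComputerName) {
        # A computer account's SAM name is the host name plus a trailing '$'.
        $account = [System.Security.Principal.NTAccount]::new($Domain, $name.TrimEnd('$') + '$')
        try {
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
        } catch {
            throw "Cannot resolve '$($account.Value)' to a SID: $($_.Exception.Message)"
        }
        # Same ACE shape as in the answer: allow (A), right CC, one SID per ACE.
        "(A;;CC;;;$($sid.Value))"
    }

    $sddl = 'O:LSD:' + (-join $aces)
    # Parse the string so a malformed value fails here with a clear error
    # instead of surfacing later as HRESULT 0x80070057 from the cmdlet.
    $null = [System.Security.AccessControl.RawSecurityDescriptor]::new($sddl)
    $sddl
}

# Inbound rule from the question, restricted to SVR1's authenticated identity.
$rule = @{
    DisplayName    = 'ConfigMgrRule'
    Direction      = 'Inbound'
    Protocol       = 'TCP'
    LocalPort      = '80', '445', '8530'
    Action         = 'Allow'
    Profile        = 'Any'
    Authentication = 'Required'
    RemoteMachine  = (ConvertTo-RemoteMachineSddl -ComputerName 'SVR1')
}
New-NetFirewallRule @rule

# Read the restriction back through the security filter object.
Get-NetFirewallRule -DisplayName 'ConfigMgrRule' |
    Get-NetFirewallSecurityFilter |
    Select-Object Authentication, RemoteMachine
```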

All replies

  • Please take the time to always read the help before posting as it will usually tell you what is wrong:

     -RemoteMachine <String>
         Specifies that matching IPsec rules of the indicated computer accounts are created.

         This parameter specifies that only network packets that are authenticated as incoming from or outgoing to a computer identified in the list
         of computer accounts (SID) match this rule. This parameter value is specified as an SDDL string.
         Note: Querying for rules with this parameter can only be performed using filter objects. See the Get-NetFirewallSecurityFilter cmdlet for
         more information.


    \_(ツ)_/

    Tuesday, April 23, 2019 7:56 AM