From 3225ca1fa97c3382fb5b7020af800fdddff2c184 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 16 Nov 2023 14:44:21 -0500 Subject: [PATCH] updates --- .../windows-firewall/configure.md | 99 +++++++++--------- .../images/fw05-rulemerge.png | Bin 25314 -> 0 bytes .../network-security/windows-firewall/toc.yml | 2 +- 3 files changed, 48 insertions(+), 53 deletions(-) delete mode 100644 windows/security/operating-system-security/network-security/windows-firewall/images/fw05-rulemerge.png diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure.md b/windows/security/operating-system-security/network-security/windows-firewall/configure.md index 7fffb1630e..ad871bd902 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/configure.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/configure.md @@ -1,22 +1,27 @@ --- title: Configure Windows Firewall -description: Learn about the available tools to configure Windows Firewall. +description: Learn about the available tools to configure Windows Firewall and best practices. ms.date: 11/15/2023 ms.topic: best-practice --- # Configure Windows Firewall +## Configuration tools + Windows offers different tools to view the status and configure Windows Firewall. All tools interact with the same underlying services, but provide different levels of control over those services: - [Windows Security](#windows-security) - [Control Panel](#control-panel) -- Microsoft Management Console (MMC) -- Command line tools +- [Microsoft Management Console (MMC)](#microsoft-management-console-mmc) +- [Command line tools](#command-line-tools) + +> [!NOTE] +> To change the configuration of Windows Firewall, you must have administative rights on the device. :::row::: :::column span="4"::: - ### Windows Security + #### Windows Security :::column-end::: :::row-end::: :::row::: @@ -27,12 +32,12 @@ Windows offers different tools to view the status and configure Windows Firewall :::column-end::: :::column span="1"::: - :::image type="content" source="images/windows-security.png" alt-text="Screenshot showing the QR code to scan from your phone or tablet." lightbox="images/windows-security.png" border="false"::: + :::image type="content" source="images/windows-security.png" alt-text="Screenshot showing the Windows Security app." lightbox="images/windows-security.png" border="false"::: :::column-end::: :::row-end::: :::row::: :::column span="4"::: - ### Control Panel + #### Control Panel :::column-end::: :::row-end::: :::row::: @@ -40,25 +45,25 @@ Windows offers different tools to view the status and configure Windows Firewall The *Windows Defender Firewall* Control Panel applet (`firewall.cpl`) provides basic functionalities to configure Windows Firewall. :::column-end::: :::column span="1"::: - :::image type="content" source="images/control-panel.png" alt-text="Screenshot showing the QR code to scan from your phone or tablet." lightbox="images/control-panel.png" border="false"::: + :::image type="content" source="images/control-panel.png" alt-text="Screenshot showing the Windows Defender Firewall control panel applet." lightbox="images/control-panel.png" border="false"::: :::column-end::: :::row-end::: :::row::: :::column span="4"::: - ### Microsoft Management Console (MMC) + #### Microsoft Management Console (MMC) :::column-end::: :::row-end::: :::row::: :::column span="3"::: - The *Windows Defender Firewall with Advanced Security* MMC snap-in (`wf.msc`) provides advanced functionalities and is used in centralized group policy (GPO) management solutions to secure complex network traffic found in typical organization environments. + The *Windows Defender Firewall with Advanced Security* MMC snap-in (`wf.msc`) provides advanced configuration functionalities. It can be used locally and in centralized group policy (GPO) management solutions. :::column-end::: :::column span="1"::: - :::image type="content" source="images/mmc-advanced-security.png" alt-text="Screenshot showing the QR code to scan from your phone or tablet." lightbox="images/mmc-advanced-security.png" border="false"::: + :::image type="content" source="images/mmc-advanced-security.png" alt-text="Screenshot of the Windows Defender Firewall with Advanced Security MMC snap-in." lightbox="images/mmc-advanced-security.png" border="false"::: :::column-end::: :::row-end::: :::row::: :::column span="4"::: - ### Command line tools + #### Command line tools :::column-end::: :::row-end::: :::row::: @@ -67,12 +72,9 @@ Windows offers different tools to view the status and configure Windows Firewall :::column-end::: :::row-end::: -> [!NOTE] -> To change the configuration of Windows Firewall, you must have administative rights on the device. - ## Network profiles -Windows Firewall offers three network profiles: domain, private and public. +Windows Firewall offers three network profiles: domain, private and public. The network profiles are used to assign Firewall rules. For example, you can allow a specific application to communicate on a private network, but not on a public network. ### :::image type="icon" source="images/domain-network.svg" border="false"::: Domain network @@ -90,10 +92,10 @@ To view detailed settings for each profile, right-click the top-level **Windows ## Firewall rules -It's recommended to maintain the default Windows Firewall settings whenever possible. The settings are designed to secure your device for use in most network scenarios. One key example is the default Block behavior for Inbound connections. - In many cases, a first step for administrators is to customize the firewall profiles using *rules*, so that they can work with applications or other types of software. For example, an administrator or user may choose to add a rule to accommodate a program, open a port or protocol, or allow a predefined type of traffic. +It's recommended to maintain the default Windows Firewall settings whenever possible. The settings are designed to secure your device for use in most network scenarios. One key example is the default Block behavior for Inbound connections. + > [!TIP] > Create your rules in all three profiles, but only enable the firewall rule group on the profiles that suit your scenarios. For example, if you are installing a sharing application that is only used on a private network, then it would be best to create firewall rules in all three profiles, but only enable the firewall rule group containing your rules on the private profile. @@ -117,16 +119,14 @@ A general security recommended practice when creating inbound rules is to be as > [!NOTE] > Windows Firewall doesn't support weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors as described. -## Create rules for new applications before first launch +## Create rules for new applications -### Inbound allow rules +When first installed, networked applications and services issue a *listen call* specifying the protocol/port information required for them to function properly. Sicne there's a default *block* action in Windows Firewall, you must create inbound exception rules to allow the traffic. It's common for the app or the app installer itself to add this firewall rule. Otherwise, the user (or firewall admin on behalf of the user) needs to manually create a rule. -When first installed, networked applications and services issue a listen call specifying the protocol/port information required for them to function properly. As there's a default block action in Windows Firewall, it's necessary to create inbound exception rules to allow this traffic. It's common for the app or the app installer itself to add this firewall rule. Otherwise, the user (or firewall admin on behalf of the user) needs to manually create a rule. +If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network: -If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network. - -- If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic. -- If the user isn't a local admin, they won't be prompted. In most cases, block rules are created. +- If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic +- If the user isn't a local admin, they won't be prompted. In most cases, block rules are created In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. @@ -143,49 +143,45 @@ To determine why some applications are blocked from communicating in the network 1. A user with sufficient privileges receives a query notification advising them that the application needs to make a change to the firewall policy. Not fully understanding the prompt, the user cancels or dismisses the prompt 1. A user lacks sufficient privileges and is therefore not prompted to allow the application to make the appropriate policy changes -1. Local Policy Merge is disabled, preventing the application or network service from creating local rules +1. *Local Policy Merge* is disabled, preventing the application or network service from creating local rules -Creation of application rules at runtime can also be prohibited by administrators using the Settings app or Group Policy. +Creation of application rules at runtime can also be prohibited by administrators using the Settings app or policy settings. :::image type="content" alt-text="Windows Firewall prompt." source="images/fw04-userquery.png"::: -See also [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md). - -## Establish local policy merge and application rules +## Local policy merge and application rules Firewall rules can be deployed: -1. Locally using the Firewall snap-in (**wf.msc**) -1. Locally using PowerShell -1. Remotely using Group Policy if the device is a member of an Active Directory Name or managed by Configuration Manager -1. Remotely, using a mobile device management (MDM) solution like Microsoft Intune +1. Locally using the [Microsoft Management Console (MMC)](#microsoft-management-console-mmc) +1. Locally using [command line tools](#command-line-tools) +1. Remotely using group policy (GPO) settings if the device is a member of an Active Directory domain, or managed by Configuration Manager +1. Remotely using the [Firewall CSP](/windows/client-management/mdm/firewall-csp), with a mobile device management (MDM) solution like Microsoft Intune -Rule merging settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for *Domain*, *Private*, and *Public profiles*. +*Rule merging* settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for *Domain*, *Private*, and *Public profiles*. -The rule-merging settings either allow or prevent local administrators from creating their own firewall rules in addition to those rules obtained from Group Policy. +The rule-merging settings either allow or prevent local administrators from creating their own firewall rules in addition to those rules obtained from GPO or CSP. -![Customize settings.](images/fw05-rulemerge.png) +| | Path | +|--|--| +| **CSP** | Domain Profile: `./Vendor/MSFT/Firewall/MdmStore/DomainProfile/AllowLocalPolicyMerge`
Private Profile`./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/AllowLocalPolicyMerge`
Public Profile `./Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalPolicyMerge` | +| **GPO** | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Removable Data Drives** | -> [!TIP] -> In the firewall [configuration service provider](/windows/client-management/mdm/firewall-csp), the equivalent setting is *AllowLocalPolicyMerge*. This setting can be found under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. +Administrators may disable *LocalPolicyMerge* in high-security environments to maintain tighter control over endpoints. This setting can impact some applications and services that automatically generate a local firewall policy upon installation. -If merging of local policies is disabled, centralized deployment of rules is required for any app that needs inbound connectivity. +> [!IMPORTANT] +> If merging of local policies is disabled, centralized deployment of rules is required for any app that needs inbound connectivity. -Administrators may disable *LocalPolicyMerge* in high-security environments to maintain tighter control over endpoints. This setting can impact some applications and services that automatically generate a local firewall policy upon installation as discussed above. For these types of apps and services to work, admins should push rules centrally via group policy (GP), Mobile Device -Management (MDM), or both (for hybrid or co-management environments). - -[Firewall CSP](/windows/client-management/mdm/firewall-csp) and [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) also have settings that can affect rule merging. - -As a best practice, it's important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments, a more thorough analysis may be needed using network packet capture tools. +As a best practice, it's important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex deployments, a thorough analysis might be needed using network packet capture tools. In general, to maintain maximum security, admins should only deploy firewall exceptions for apps and services determined to serve legitimate purposes. > [!NOTE] -> The use of wildcard patterns, such as *C:\*\\teams.exe* is not supported in application rules. You can only create rules using the full path to the application(s). +> The use of wildcard patterns, such as `C:\*\teams.exe` isn't supported in application rules. You can only create rules using the full path to the application(s). -## Understand group policy processing +## Group policy processing -The Windows Firewall settings configured via group policy or CSP are stored in the registry. By default, group policies are refreshed in the background every 90 minutes, with a random offset of 0 to 30 minutes. +The Windows Firewall settings configured viaGPO or CSP are stored in the registry. By default, group policies are refreshed in the background every 90 minutes, with a random offset of 0 to 30 minutes. Windows Firewall monitors the registry for changes, and if something is written to the registry it notifies the *Windows Filtering Platform (WFP)*, which performs the following actions: @@ -213,12 +209,11 @@ To avoid the issue, leave the policy `Computer Configuration > Administrative Te > > If there's a requirement to force registry deletion and rewrite, then disable background processing by checking the checkbox next to **Do not apply during periodic background processing**. -## Know how to use *shields up* mode for active attacks +## *Shields up* mode for active attacks -An important firewall feature you can use to mitigate damage during an active attack is the "shields up" mode. It's an informal term referring to an easy method a firewall administrator can use to temporarily increase security in the face of an active attack. +An important Windows Firewall feature you can use to mitigate damage during an active attack is the *shields up* mode. It's an informal term referring to an easy method a firewall administrator can use to temporarily increase security in the face of an active attack. -Shields up can be achieved by checking **Block all -incoming connections, including those in the list of allowed apps** setting found in either the Windows Settings app or the legacy file *firewall.cpl*. +Shields up can be achieved by checking **Block all incoming connections, including those in the list of allowed apps** setting found in either the Windows Settings app or . ![Incoming connections.](images/fw06-block.png) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/images/fw05-rulemerge.png b/windows/security/operating-system-security/network-security/windows-firewall/images/fw05-rulemerge.png deleted file mode 100644 index 74c49fab7b245e2f8adfa4eb9e8d96e88ce112df..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 25314 zcmce-Q+Os{)IFG_la8HEI!4Fo*iOf`ZQDl2wr$()?%1|%+f(^{-^~AJp1GWh_jylM z9aNoDwfEXiC=UVxS_%9np}>GMnIU;Tz#piCya+!?)i}-( zZ~$#9s^$O!g3$Z<15Kntzy<-)4;B;rrRb`C*6CxbIhT0RPNIJrgA|VW;cEEXFUjy5 zJgKU#RG%?js2L_wVxEGGDb0(63+uZNUW{}T*SYRLPdrT6;`1}Te0#EqUxS;KEwJr3} z@3RG~^LRTWQ{8^vCd2b2c<+9Y>Eiv+zEP>!I^7w=uQ5M2XQq|0uJGkep$PCRK*{u>2spB6@1-VK&=MRL8TXq01}n3k>6Wk(R#a+q2}s)gwl zb@i3FSQuA1t1-4vtv+v{C(Be_=_ka*&KH7 z6qa-1%kP-Y?2j$KP`(PYCvr4!tp0>AuPIH#-5a=_l!oD-IHUN9d%rwdG$v!kb<6+H z>PhyOrgk*WHKpL@dHaR;TVwW6g{<-KTQb~H3+a}t&WxuVo=%1Ug_TjEf~f7rE0TBk z>bJk`#=NsAB!s&pg{Ve$>Zr_-vJHoAWoA*@iA!`6==!D=td{vxqE@ooVj=<(+pN>8;5AwU1Yjb&>0g}>BlnLY_|KXsiZSh`y%YbP*V`0#ag|AkClT$ zR4qR2jBBIfieN;6(N+ncq=8+$#W%663b_#ydGa#`7N6&w)zkS`L#V)ygfnF^eZ{Mwf3)8 zx+Pk|S-pz2V|X%$oK(7tQS#t5v$M%>DJq>{OPj>@+EHR{Hpc;bW~gsmJZ+{DIvhoN zaLw`!L_Fm7W zs@q8?FH1hEf^h@Es%=174PPOUq0PW^y?|GQ7J4i*aERj>wjiJ=ABGYNDd!ELfc#J8 z1ZD({9EN8A&1zf3NfS!}X6KZj;9*-}M4?W*YG#@!!U1X|xV zy+5tAeOir1Wd(N&SlR?>0v#>Qwjiw7n9kPAtpk?hs(|^yOFB5Dlo4T;=cRw?r*LT#GgZ_?*@|z7PQxH%j5Wis*J|0!I_eli6Y3PC3boJO~7X0J!b^q^D z%kAIbK}f0-FjGiSq!K#6%WGO91m#6YSwx_=8W?LG*92`?d5(#o5`(yLz zz^BXQA{5c*Bd~h?uCe=-HhRYAHt4;;{}!1!WrXJM;^)mv=B(Pq=xcKEyaCVE+Wk86 zaqaUur^EfY>Ho0mAY);1!rFBeX(M!WNBtavMSzy%hR25sHEINQ*ZnkRGtB;u|G{=Q zM5c3k>|W8@`qXw(C4s}`GV|r*qVgpB<93GX?(QxegW5Wp>vD)}L80DW9YPD3Oovpy zx8!cFZp)qGz3$XhiIat9TJ4UOs;a14@8=^EjE(Ns>|`39_uXM5cdb^>G3JE|bthJ4 zD(^~L8k@%P#?WSj2oYW@G1=Pd4XUsmm=#d8lmlHt8%j3zoyh<+77O z@%lSOUe0f@Of9mgWvyOnC)=}E8?QF3-cM9IPcRUF%T=nq@0UzYR6dqMU2g|_f2it+#KjgjFs43Z7SRFINePuU2RyTcguHVz}!3fJS(k=GVpN*{&u2Kif(*q zvT{x1b`no*X#Z!D&f0liYtR_KJ=N^w%g7__Xhxr?g%?+wA{1PNJZiNm#JlfdKvJUuiO%>2Kq> zBEwzms+E3wUTZdEuEw%#E78eak{lxtjO{tOicB}8uR^WUnpb43rb?1c_v#)ml2aE? zY>d=sH|x0<2ySAnUh14M&kaPt5A=85DN(6jdVhB2@znFL%q+XaVQ8Lsb#K?#o|i84 zM$1Q{1cwi-+YgL%%Ijx>T@X&FL=w{J?5+@P)Fy4}w=)BGR5rUGsZ+Tt8oDDLXW>!m zZ#3>12_BVZ=ln?+5^BOYX84l2psjntQK93`UNLQA^$cB_eSmNja8Nx9}&bOjGznr8&P?ZuT z40rgMV2qb%ZApPvHq!IBHZ|C&gOdr>`}U$*d+j=Aa(1@X`p%&`tp4tfdxHDmEyyN~%Y`0OgokUgEbM@(#&#LuH;m^LT z<&Ly9t{RIQb4nBK6Zb*O+&Qdr=XN=>vQn^5*Snah&>qb7S-a_mt0S)c=5iE6x;vDbSg8WkSCL&3Vx2k&a zdY#=hwQotIa;sVjN`b87F$}XV~SB+0~WaMzA0;sGqk3VKK;$@@J!e6TH0)CCVIVaeg@5 z>??q0JhV=XW%GWtP55NJ=Nr$qxXLfx{iQ~{qFovLf_SCG&x0JDxie#N*M?vx=*H~C z-Do#~2NUq3?Pa~Av*=Q*Zh-R78m4;v<}xiZ9c9Eh6U7}7_rwO>&6KgwiI(ghT4LAT zXlB6~sL%Kz-_$XxFZ3lokY(-XvXuz6jFNnAX1y|Jee##<$ido{ZAxN?c~8a>-5 z=X~3@5Z7^%Y4UB-XbDnw$;9hB%hb*dc;%x+bIOX<24iWS#QO3lW8@7d+Hb!ZuC6&_ zYlE9YXhELQnGm>wmD2vru}U->AGH4c?lkqo#oyj7*zT&w#_G1c6N-a}eGud(?g(zwOy|zk8-~U$)pt%pGT^+u z6mCYgiUny(1N~2BBSficeAVM*&N3Gp_UZ5Ki6-VuAJ%Wnjk+)oleItgk{;O4w^q7e zS6sYrR$SI|En~?1lWBdPm+%k9boiXE8gKTsB(^SZV0k{CCKUdOj+NB1?i|EhzSO8f zrHgfV9!446AB+q5)Lt!a@OVlRi_g>Oo2iY@rYe}=!g+Wpto5IrTBN(YzYQLz##@dV zls}xxVZc09(-f%gg;<^nSCmQF^I&hgmvY$XN2Q9iMHCxV@BF*YV?XG(&Ey7^2Tq&j|vIwm~JGAFl zpWCyQU5`!Mr(8-h`P!BZuQY$%gE*XqxbCzdB_#!mh~s+akI0*s5EHgtuCkO(qj^aN zdobf%g9d757qh){QvH#UCT9?B>Sc6OHFkP5P%>`rt+z%oFk-9Yaf{IOT+2)(uHNox zrE4gR)`}hcz_ui0m8QLEh3BzV+r6V@Gw=`S)CW z37>O^?0o!5Sp?U$-xE5VK0I3NLxv1!;0I$KyjWIRb-V5l%5GC}Rl8l!hZe($sI=hj zG(CodZ*JBEzTK6%_;9QjPq6qt7~AZwv=GlMV~1r|Uzh`gJzSL{O<6nsIak<)_$`{djACf@{#rW8j;VI=q+Qm3}zh5+n z9vK;!d#tOywBUTpyu~wEEPjnJX4b0ysfRpoP(Dmq^<1omfaAx)6P<4J(}kyGNuYUb z3irpYf!P!1uQm=z3}I8L$#(me3PzmaPy86^d*W$p(YLMJNa)WE01#&3KVCRLU9>a} za_DgYFt~~Oh-63iDBTMM)D|bY?0a@PNlGLJ%>+OaAHgPoIKQs?(cuHw%n&TZpX5gX z2++tEm7EO$0Dqm1-$*y}gPuP7mHxBWr!SUU)&23Y+IFV{BgF5Lh_(#zi4^&AEWybQ z97<0v-p?<>BK&E-QvivAfHevNheuN^ zK8=D92A}}QlK_{+m>{t+r~ocHgNujz*BhL{Z_lmsB>ntmTbB)cLaQcS>b!Vg9NQE< z_Ds}9o{R1g_on9fj~Yw#xi|9&FG?=`yS_aD8;8Cf-Tszj{=O3z$XP7P2*V(ZdRm0h zIzF$>>a`Y0;6tUMm6i4QWOdmsL}5p_w1E{ZJ+oe#D)|%Z;wQ^*ik$e+t4l#rMidI? z$+Vsdo3L*~Fln|B%;S3Ua`spn%kqp2tE1BWY8v;|sc5jQwRHnmO@!>s3^QM-dnyrP zTMUcaZ!3%?N$Y*y42`;`VGz@X1k2hvak4A&E_D8`xEy_SjERT%*E5zj z9X`j%A|J2mID+SQy?6*{s!JGXd%&6#kYLP`)I7nyv8Z|%U{)hs-%4$K<7iJT zQd*YdF+Ihd$Rh>m7Bz=Pco5Q^AR8|wj3d|Z&|CbIM&YNTW*)nsn*rpQHOw^u zb>)=IS8*z|VhQRXx40RLrXou1*%0a zId{E;`Cv|>idvx;1Ucl=o`p(RQ*kNuWdo)x-+Qvs?WmvTV=O137xzpmDoLX>n_K)p z;vJ(vq-m(%T%qk^;{GfOO1QT)CW-4p3sfG8lEv@c z-h!N*V(uJ>FtKpY_J=3OuHQ{HT?J$WhT07qHqeubK)P*>3L!?3j>VBJ3>n8HWEv3o)v$xT#KUkmjs4D@_M9xq8~4b)3j+=^Kg?UIZ1z~ z_2bIag$&~?6BrZCw~`*lR6SBNs}=jv9@&^-xI3ixnd{OT!V$*F^}py%{nIBL^H4L2 z7f88`MA5X$T^biNOE+T}y)BiFUK~YDE=n`TxF89^Tu^ybsqj2fwyCp>Ua;%CEE%N01&OP}rUlD1px z#;ivg8HbV87@8cjoF4)@TL{QGx3&l5xe08denit${C{r+U1J8=`j^!W3o9hQp5r?q zT+@C$8pcVF=JH@t@yEuFzH2Mc;~e82qLZalz)fQqthkbS6-u-86^Rfj4{>F2bS&q2 zA?L<+Y3@}JV(%jF8KGHI^%DyUM!Y-6;!jRmwu=fq|E;SqKl9X69!g_UcO&3*`fB2l z%6yGV>XpX&?F5z~nk_R6hV=;YID$wJF2Yt(OPoVwL`gtEfZ`gyx?^a9CWk^8hSBu2 zXeg(3bUxi$vJobsSF-x_IfsVF+)|3)IJ5uc-;Tce$mzoG5e6aqM=imoD`_M9E7Ria zFVhNWx6ix3{jXC~R+8Aw!l#(XtYqZ<~upc?WUHOwMH)b9fF@H^7$4+>JiJ3l!bsn_Nh|4#?ZuAdCTqTdTu)j zH1%y7Lw!$&3qmqt7>T4SRMkB}dD)4=sg@;9M4r(gRMF9kR)%rFbSn%}Wnr@J#Ft%D zIfFI)#0X3e4MiVe$LYi__&jj(U@6CWUGm1%tpnfpd5!l6SN&@C-!KaVg+;z!ymPO^qlCj zMKUuT=P|n$gbai+$rI5_F^ywSy?3X-J{cg0TRo1Dubx4)(OK-0j!PGv-TXSy9kNtv z{5=@C#NqF77v>l+FaXR*tMgp%N8C{E&IqwuXf{kn1x*|m8#xaD#kRlx)-ZL$5-~MI z0HnJWslRcOQYC1DED|Gquh`g1j}!c)fk{xLy(N z=f-GH^yP7}m3YMr0#AhRl}+qdYZ?0yCPU)3veFzTSog?(s5|*rsM~ITy`|G$&@`l5 zPGCT*YSOefAk>GZh&HasAK}>rc+2%jAZe9nIVLnu;l{36jw_^za2c^Au_}TG1oFg5 z{r(vz;F&j>m{f4z|8!a$*sWMxwkBM4a-GVW8G{-{TBDr@aaa};s#;}bpk^Ih%_=Jc9LKMC$_A3w`K?=D zoDwGn)A`*;(T#rdG7iYZC8b`?CZ#hb?fe1U#wF+E;z*}B)xs1NCnJJ_Z?^fx0bI|f z;u>I0qhjqxiQIOHH}m(zjZ-9nOPP-}(l@|6JsmZk4om-r?Si^Lfr=cg+fR8ZAnrHW|j*i_F9*kg<-mgv&q;pK? z^;#-x-yiSBmkl7nkS;Sp?(uJN>Crw3AYMQH6Ma_JFKuQDZvnc5K>DK+m7E3Pc>rQ+ zhPNpO4vauoB5zbEX|WIa8TO-fHBYF^HNb! ziS<{!*l=Ez_p?rMsAcsV>)hsoTfPv{b%6DXozKVq1Tf^_;)9S@-}gHgmd|-?Z#uUx z;Xh9U9Bd+$3gF1yniXsCL+*HNPdc}+o5V)e-uHfdkpkw-A@EO!+YM0T=eLRa!rzJc zZ(f`I9(_jDt1rkY&ShCt2t91ToxBprioA5qSdn;#1WA6*Qi(TMOLf(=7dR|%)sswC zTN*b&3%$=%iMGb02qS<$|E3{l%Mc0`A_g@{=uBm1(M!> zkZhOuQmFUWDAH%wd|DCgKu2@~&U6`7puM)Yj@7XueQVpR<|4_jaDVacdEh zOBOdo#_uggD{lQQO>vfO5*nQEj{w-6md`s0VjrfUQMlUjs2}D2`|fG|>qm$2`N17^ zb^c3yM|6`<#4~9r)2@^d>`JnFh=iSHj`aI!eR`JXP9&MekGHpB?8dtNpgWUv@u#IO zWVPw^z?VSiPcD{HGH3IkrTbysLpdIUTAf%xtl(~lH6gm4tSH%LrPuk~FkO9TDl}6@ zaIqfwS)(9iHmXe60!(B|y(L!tj!^PzzGXr|v>63Gg};;tk-fPalXo5a(8k>rpUBcu(c>dF zQHi|33mZ9cozmJAwHKm1Nc~`TNPjbX?=NP8^vKy!^jLbTj<#Ws(NDhj72F@D%IOKG2dDJ zY{bynTFu*D!=k(*EAkp!qIQL{1I_FZ_;zGF!H-=&Uf&qhFx=_d%(-%Db}5qMe&9Cq zJ`o50!b7o%=Edyp6qwIGb)Fw|s9D0#RD`uEPgTSa$uf#16L#jQKYpYzCfnFs9AvrQ zHI@I#kd>qZC%pC87$p%0(C?tcvKx)(S@x;8?)nGd;my}4#Ocz)F2fQ-ks~Vfv0twF z1{3JMA9)B{edj&5#A9yP8q9|fMKOuRH!nJz7f;r2U}cvd$(+EsKx?w%q#>#nb8RK~ zg$S6AC1}?+9#!X)H(53bq1Kk??O@wMa8M+2Y(M^a$Pr^jC#q@hl9{$h?wMc$)wT8C zP6V42pw$;-SF!DKwCO9A857}jhRZx^q z68yJJPVYerBtD4nf1l%GG?oJp3xR-hY2jz!T1;5;E=sRZqWwvJZi@akoeQ$0K4Zws zN;l9C-v@PTy_DK8uM zB*W_P4~<;L9s!m#^F1jBdc3T`No#~EgDN$C=>FEN%_1pi(wuVs9C!9|g@)g}tMBFWL8Zya>sYtlWlQmO>F+vX&)0 z!K%j$iZ#a!F^*6QvBFNua>UEjgZT9!WF@gu68rGY7#6a`wmyg2VKq zv;_981D{P|XuTfP8GM+`9AS#0;htlFp*19&Uu$+{av#NRzA==S z7nO~to5{WE_w_9P1RkX~g02L~Id!ZiB7qg=D54fs-`aq)t%W!#w6Qm^cAPdIzF=zF zg>vrSQRxF>5R{{NPymWCX^2H@D7*=_nXt~GBqPVHZj%!Nx$@mu3cE?Jk^U45g*NtY zB?zzCW?n|_-mk%!J^~JA)BL0J3Sow%MM-w{>bNGU{Ps;Z7YkcSi{4$CB-xClnriH| zel>mx-eDYhNM9zn+bng;&1W*2)3H}cmtoAqhS_=2h8`2%M;&-B>Z*pA*~_mOb#^w7 zZWUX^mR`g3w*fRS0HAr(W(EGK`8sXIk!9$T&8-dU?edf^Y#|WLL-gW861ci1Q~Yd` z1{Hzu6wi1&7UJj>qvg2dGovBAun0rJ4kj~Jrv@cG27eKs9nm$YT6I(0%t7OC48v$n zY4XC@kAf`sg)@!RZQ9cc+6*3KqoujIxoF6|nZ|Nkc^yemW?yv<&xZYGIUoy^l*ikC zs4XocRZt%OU}rmvgr_u-Dea+`Bql4rRR}SDQS2x#cHrX5`T13Ci_8f%QPTE07Zv6$ zCquaSj`>NeY#w{`bU%oWVw!BeQPJeEmNU~uTA=iO$GiVmk3M82jVux4WE`II1586; zj|-k9W=!aIOa{?ypP*k%c6Qgsy+wYfEk+xT+179PcB*}ChsNccjZ{0I>b3ERUUp{2 zBvGM-2bRF2HA%|V-G-`koiq+EnV5ZJr3RR6u5Wlb(>=1gEdxru6@zPik>tijEx9Ct|rTx zes&IUm}fQD-BBqCPJDxE9hF5D;_%k%^$uZDn|njj2woDbU^SewPWp4u{3|fha7VOp zG4tErPvYdi92OqaattixX-q|eL#sS#HTh#Q5>5sCUC*GGL{i>fvIK?*da@NxZLvja z`c5Tfv)%}ojEn!&gwg34gB02%Lkd;ak={13$|I}XXYt)(56wW%xJq!b^8)= zC1ldr=li7V+k9{4lpD>)53WfO?G)VV|Ke0p{F#Sg;eH}4*QnjzQql2R??k3)z8(G% zQ^j#tld`fgGg;=4=Z~JbrV*MnCzDgd9)pX>5>lbQp`31^`L$exW$H$(>{X~y;>%ob z7cIOp``47>w^e_8mk*V&zwH1=x0wdB=MTXrtndl%$b)=GJZ({Zv~jfout-1`485uv z^=ACqLOq3;>fnl}d-w_cW~()tSFynzh*{iPZho__5`Ly>6~Wf$`k1}2o8b3bS=QxE zu%7+-?ocji5cXT()78$^n_HbUJN4%K&Q|-|XCO3BqM+Sa1qU4l*ftRU5v6{xX*RnE zP;k;JUS#+h0a7F=R}4sI`~8)gC#$Xg_W4W}EV_R#U70JcE*#OnlWapZ(wErrbw>jVRJ_u}OnW580D$xex>HT#={ZQ0CuVoz)V}K1YvvxF(i+Xr&cajA= z9%STVKIoy-b~LUjegrzgrz?$gNr><@Jw5$p8WuNK=HUjz{OhL@YY~-P0*47m zC^>YuITeG1x3Zs0C*!A{`R@TM zwhrjOZi9Xl0O19AGLS2`^@1D$@NEa7FWVu!h$ujpLeT)gWb+vz33xJBKHsbv#cq!W zYeeE-;GZ!Gc+!7Cjc#P{*5~?ff`ZQW;qe7P0f>A@S5OO}$6*-| zyPDV0Tx8&7YlC`3g)|vh#%@sY@Ud_5{iU$s{B+nl+!6P-dhdP3=iC7_*arjk*(Qj! zz)l+vS-9mJv89T(OhmA~KcB6TUnfT0*$S03E|_v+W06RKo%w3Ogv92uyBRCd_T%-! z;rYv^(jK^Hxc_pCKS~}NTlt2x(bW1vC9c<7E|i5y7POL8 z2)*POvLpGq_35a)KS>Q!)8HdT?78Co&#CIf=IkuNgo@kF{k`%Pnc1+hTbg6zAJ!5^ zF{E#uzaTzl`r(2^zQ6EX3>WKeWm>2hYj4F~PRDju8!A_IqRQ2%KI41c#x|Cp{nck) zye-dWwaE(J#t~$0YA7_89zl%H_wTqIl@w9%&*!?7s!d8E&&e;9_9BjmI8~uMF*SFM zsElrkBooXjm~L$Uk*8o}X{M@?AzsKCa2rYoz18P7L4dtU(k|*Mg({u;<3$K z-q{S3yB-bx?QDOvsFr6|h+uj>s~7u)_OWD=oyqI-zTFq@zH=nQA&URRO7wA}Z~gKK z9zs>pZ}U>v*2SQw4HYca1Jaw4?()tmr?Qg0YMAszV~6?+gB*@IDhLrS7ZNEdMVKK6 z5exO(j*#A>c}n&%0jDguwW%!3wuH%qW{0b5^x(%mPM7P|=#m61wzca^Vy6dUmX+#D z3Chne%uNiK<%ofM(7&1JK6W-OY7D$`q0bp@_C(7)7?h zQs~VOexzke-gwG>{ikSRLP>cevNke3J!F&s&QR9hN0gbSM-e|>V7NC_)T?&1{3D5-uYVK_%U__4mC9xdjA7?>?Ty3O{#beq<#Gsf!$rUsgp zV&sqo;q>Ap@5N%1zJ^I!@G6E{*sJJgqzZxIi z!mBz7lLQsBS$Gd;bXr=pR2{!hM_VCUM)BOn$_gn5;E2H&C`2Ah%5da71?;sYDP5 zjyqP82RV%~gkBby7)r8DADmq=&5!!G*st$lmvw3qC&ux^dfuAEAH9(d9t4(hzzk2~c37 zCqsv~P=!HgNE*%5+4DxBXmPIT`*IX9@0Q%Hfr3~5ZJKfT(IRBdJji-=Up_`ltBa(d zMk1KRa}86_vX3~0rs0ax;5Mlx)zJ(rYg>xLK8aRuB-_r7Q6CT2lMm1JP6&2<=wl?v z#!ZqR2@(F{Oibv52{~3_(cM>Hn@#2zXNZ(}hLoK|ns2#9?U=An(EJl)9s)uPWx}kl zg)+tb1avwv8Ok_tYq50af5U9Nt^SfgBB$~L%hKuKv|Hqy!Ah>?@D^_eWAHeBEZd8O z5G}5t>+&2KhwCiLR_o)Ome(h(cNn>jUs2b%Q^~Umbe6fyx)$0h&FPX>Ru4>RK%?Vg z0^XMrX|VP45q$Hmx5)V7L_Ri;=Uwb(R!(h1XzuSuGEtONZV95pM%^oF`GXVQj`GAV z+ic-n^mR9wVKv2>m~jnCJJ42IF|hTwUOT(dyKP(1+pBbDzN*QJQHvq0FnY?=b4SXm z5CA;|;^%(9H3XJ+V1b31s-3lnhFmQby4P@@^uv+6*5P-b##3PUyj8^fBY$j{Ny3-( z?ExVX4*Paf{&L?2s71-x^0`Y?At_ICDytbWb8LpY!Vbr|tN8SQCbmlPIKA0D%qFSW zbKSBjkYRe}^l#KpA)5}si&sV_JL-hODiN*3YHLMOd;HV?7qC!WNaVU+H5O~!T`3^B zz%c<564?8Pca1pT=D>>5HdG2I*qn&&c<JC8XLXe~(WS4}o zKy{(36)HvA-{Y8lC@SbR6Jkh2yR?n%iU(<8BLA5~zJ~ZGd-49(xj0tiO97$}@uy5y zfg^HR{ju|D8QXPCM#U8u67alRQBW3^dd`?zrzxWMrPk=_q>~u=_VF1_{@r#|K5wih zO}*!=qC-XOb-ppviED6)U&45DWm&#UMBTxCW}A;;ooT|H84Fm53CabNZri#V(sNBq z@xx8^@NkdlSs0+`ou{aAMzJgzL+6YI=GE1ML}7&VHsHJY&1u3eO zlRR;OvQ;T&7(>EK{T28|p3)oEsGkpI;(5pwx6x;&m)bq%QW|~lALGoIiuzz5B+MmR zmuy0>4kLTVm<6oYiNAshmL-)|rppNu(uL|RmtCn@uHmwA0NK+@=d~f{-7ihQ#D^K4 zvJo_O#X_ne#a|LG7LMaw!fKJ8sS1yvw(@@{ogPQ^XwxIc=mk{$`+Rgbr-vk&!W7%o z;jnl)c8#3W&LkydY^V|P!^G-H)S=y|p*t-4fzV^F*P~n(5^coh-us&|*2LuXR;=LI z5WQJOuh~peG7-`ZQ@XQ$9ufV-?4DZ|1o`h7SQls>n3D@B6h8_Omt?b3kd8ZGm;;Na ziz(oWf`WqN(V%3C)f~ODh?=P>11}2{JjAx@co2ky8HhTrF3e+D$aTgesjYT0Z}+&C z&>WUQ^Qhah0&eUEs|~D(le(;^r)7-c+w9WGIUxE_uFuS{3vqLcPwUHZyLLyXVe~|(}kw=HpV-Y0sQ+J(GdhR0O;ZoX_ zcUNn08ea{^NxL#ACh}hCSO9W|#+FqetPJALDa~4$@Ocf6s%un@h+amTp&Z`2*WIXf z3b(D3F+8ng%Wv^Ero{8QGYs2_r}S}^8I*R1;G+t~qJ5i0d`FPO0-Beu;-ig{In2zL0S1DTcB$V}@jSAC_H)kh@69 zrr6l-@>mSa{Z&8{&0wI~vw6@^?PAopWsMwEy?JfKWTL78ZEX8)@IEws@_wqS+5NH$ ztNYljaH`t+le$gB(h)~Z6Dsq=!3Cwc#b zb|4j(5J)^#akMTTGe1FG5FH63Ig-kXER;7{uN~vXj!<{5!onF!w7D+y=zpU%{4#_f z?9Z3_KT-F|hG(%P%dh`Zc8X+v&k_{04|~<)zuaxUdCwkmD~N)BT3uVO8hry_eE{Pi zk$*xMirYyHAWlUG0MGny4EnEtZI%bhN&JXjpV=-yzPC1~5eq$>?_WN{ZZrvyC*9iJ zNkpKD@@JDUGI|7{i9R6uN0&f&1FXOKXRnp6C_A4cBmw3BpQ>-NOEqqbMdWw<7sYD_ zP8t)`*zXN@2(I!LL)+2ON&@H)8w?Gyy8GQdrxeN$k>~Nx3Y#iGDx8N!fPaei`Etae zW?h_|ltL-!zI^67DEUDa#3=u7MZa(Mr<7`Pl81##n3Ho}+Gej?iODks$k&2^jSjG- zNEWoU_goFx_jTs^TTbE9`|$DoZ=lYB{$HR@!UqQjY^7(gW`0>SoyeOY?=+7f3FOxv}yj&LasefD?(*~A?NcyLFG&rW@ z=8ng6(>3Vpt%*Mu2{B0bT=)~ajHf6s%Gjniv?vuaa-eeBuNV7DxBn3^Z&;?4fV2N%g72A zSk_e*(m(JO%O6F3haQp)Q0Q5%`vHAnC`ZG^_!-teLdM3vz1rkPH%mq#1d;7#`-c`S z%4)1kHc%vIh&S49c`*yCs?6hGl#C&@uj4Mvwa1D&w|20 zniNqBUd|gOCf4@i?-vuSu6HR+h*G#clG7?JkHoNK{emru-9pXLS#MQp2wm z{9}MM{tSpO@zl^qVALpMkX5M)>n|9)xd__G@u@9MU0)=>LH?WIc{zQ3y1}5O%uj|p z{Et64;LF}72>e@mC7ngwC|_qZ40R;HGK;ZAQh@~msO3s;&0zfhOASE$n=wPz$}S$X z3Ku8jI-1p%Z>fkDKob{q-GNRUTpGk$%C+iwkB^61A0+!YzZwPnnK1_LB^Uc{wi z7NH0Di&QnAVr4nz-smU2Y@5Fg_~BBpuM_3S{7PU;HSwN+v1b5#QSchc&^bzb zZ%A9VJ7O<;mnEx=-;?t`uhY*`cI!R(6F~!-y$VHFiXHG5`F(u>Xbkn?eF03EH=5waE#2(EX)cKcFAr6??gffS zeI$>S(|W$Ea}bU4s@__O0|Y$RJu4VF*3~xqGcU)p0GOpO!F_(G?wL3ofrE_AlV$i~ zNJ8iE&Fg;{nr-Ds34fLoQJn>0)6{90Ld5VWx^FDU3^7$`jUd>1V2z)9?Oh5DQ0*sx z&FBQGJ$^4EK|r#g(`ru=6VzjhR6+qZa=ueoUtJyO zvX1c>wn)Zzce6isBgWJVPzt_$1W-9N2m$H3!~k_24Q`v+E7F3b)dPO%88^(au;TTE z3~YOo`rP(*8SeXXz?4gKKLYu`TlYfze_f%S0<;G}X>8}{7!m?roq!ymO#HVg7NG&k z1Ov49SN9-4uxF1?7Vz9(`xI(W0l^9_K(=_t25JIMJO_x+{?GouuqWI`ohH8j_V~Gq z>rUkfx$Rl4wKZSD8nCZ%_9sB+r#Vr71-2$`#_@rk_^WH3@@zSpfq!20^(6xjgHk97=O#oX z1pMh=Qr|YV#drTZpj`O5n>>?{7#I>f9l#ScZ;&T|w-zVcG{ed8VwukI5qgeyMwhQ2 ztgkOzL4f{@P&XkyF)?Ptaq3aTby`--+hfykAE%%O?LMTT?;lNqO(&dLdRQS2YoDFn zBXPO^p^$eLg}tRW%^T4@8>b?6H-wc0nNBy~fuQz{Yh^(agzP|}JH18`aXZEJK zx{P%yUT6TEx}g6`D=uNuX|$yV%`KKjnfnoik2k@ml*+FTxy9QddX}Uo;o)U$_anE7 zCu58>d#&MYH)&TiUjSzpSsa7uX*drnhKaq1b)E)w>X8MR55CN4N;$N3p1gwd_jRjf zJX#pv9}}==Iwgn+S_Gl2Mf(@mfA_y@h4Vc4J4@n*S|Wt|X(D+90$qU-+4=qq-2Fm7 zIxOP*ZeCPQ!W$RvQ7mH|8-y28g(WlS^ecJ6*}*Y4dNDrV9$v1x@0kCA`oQ;vUJ!tu zM4Ki!hJX+TmzNp)$YcL8zVbC~z?6T2>$Z0s8vOvD$&v$e?P!15I*R6YigAE5u)%7e z-XeiT+Ia(o5gZ`Rq>;$?Im8k#SQ*n#ZKNCx4`HObl3$XZh`0WuF$iRhPW+8b_*MM( zI)7HKEHZkv{?2(xGQtN(1HLmwU*BpcJGB8+OfgCft+*ep7M2gxBOD;)UjTv!$!|H- z{~H)oBk&sek;!(y?6H2~g@XG}`yx&tyK#4*Lz&Cj_TT5a2|arujf3z?KnLtA0MM@A ze>o}WwX-(T7i=tm*?9jANc?Y=-%o0>@>>{6$p3lAE1gF=ZcLji{qlk}*97-ta4But zLNk$J_Yi~pmRlP_BOU)&K(24R+5JBE94}hG@bHD?e;AMHjh2JJLXyD}u!%(7&XX$X zo(AsopwM&{CC{douPVAdb%n64XZAvXRgX{MH8`=Nw~Dqw(8Up8Cla*0L>B}EqqpH#DALez$K%AdV{yK z?dI__{Q>XiHq#i52L);?*B;*3v)enS5BFRz=spqkT&q%U=5KZ7o#gMo)ieW@hW*V2(h@s?lz_R0FaJ4Qz*smr7w1^@X z#2%}$G5l@SRE0G61$vWdtI+eUK>tXrr!?<*c1MAaFke!!*?MlA=l|;LE5o8{+qD5j z2?eBv?v_$YB&55$TR^&pMoMWUB&4NFX{15AyM-a889+jM-}Aih_kMdH$NshXyJqfn zuXV82b)9jYLu+%JYE2&JBWKh@TVEx3cbonH8q7-#%Ll%&yB+J2gf*mE8~I@sR#}Fg z)VZ_|RsD5IQb}awPyUo!7cH$6nSNEy*L!W23J8X4a9{pTKQr#K#G-TLPDW6C?2WJH- zQOFBTl+Q1a$e7T~AYADBPNAj09&`7zaSAw@1fbUroQ$wo&# z$12Tw;N`eXjD(9bm(nAWhM#S;_UpGQ-vb-+zdst0Ns$&U<#Ufdkg}hp7vRI6PSw#+ z_$kKlem#VdpUqF|y+?cKl2IngfKC)1PnLdd^=Q-rx6c_ZOGy0U+~!*W$Mt`;pU$qN z^a=%0pM)*M{c0##CQ(d^m<7SegDEEuH+SM!5zp7dU-!flmFl9Q6WSXV>QNqA)3Noy zzary=7Mz!L!tLdgQPVD($SpPFo6{#_8Ngw`N+0@1G$o`jUChFePV4*P!mDCZ24+6u z1wtMiv@@(DA+IjJKt-Y&oa!%%v`$ru>h?C-&=5=NXhWCjWui*?YOk+Zehp6QSPsAY zvrmB7QM_PDvlI35S>0K|%rB3r8TM21;^C*$c9K%2cK9bM#-MeY7Ny8UIq~II z(1196KL4U3keT%JZGkJx#k+X%#5a^)B#*s#iw>A%iY0wt!X{;{ZNE(o>Cg}u!WQuh zpfx|{Bw}(1(B!uNrH`GDHoF$&z_LH#)~!jThK!9oJx)T7!B z4-faCaCBHKGG2ZpIa=0i7pb11ZI|;Xt$C-wM^uhOP`67`6oFEBGP}W z(qgmomTUtysWHXEp-RFyp(}ogT;kFlPvR#O_Fmct|HI?Q%uhc2ZTg$7V}Nh__Q0HV zLO?7(h$&r>bt=e+?J3a+vAQE*jbMYYNXx zwWqOz52ptYjZ1!vnPop^aYLC?{)>`bT9_?_DTHTQt97K_SFwH*`) zJ@ql)&HNzrZhTr6pE$S9j@%OOg%PAweMl*+O5F^2&n*M+LdUiI?WGx|$NN5};tEg$ zKIJVr7Xkd)rh5`n2Jv|}(`e*y7pvt*>-SQNLtH->z%?COCC1rHn17Y6DB^XhR(do) z-tqR^l^PV!v^4kxi&Hw8weiDhV#;Eu64D|%hr$3B=l9TfwVlHE2NJ`3TEl{PHj%R3 zSqu(np7RBdE+|iNmH92k>8B-n{UM9=Nu5O7PVz`;+Ku#@%O0+N_Z=q_=Q5;i7awfa zXp$cZy+kp?pvu0*2`dRROLoIl`B<EM_m4e@`tLGLy^%+xdI z8Drpg@;SWEq0Ih`5?$^bfbrUHp|?XTn^$Vjh*aw!Dr2T@r6TaRHzVrf#i2C6Id7OH zZ%LYeVr%RNFL@My45DA!A+|$pu<}aRj=ess#4Sy-DcGY?M^ru-y+ebd;k-?UrQ5tA z(v<%E!9zU(8(TXU-EySpsg(XD;{Ec8LtYBYwfgy)1MJh8lzOogyMdO}pz7d1aEEMI z$j_SGkev|^d&jV6{s}QvvLPi4Wql*4a{5qGp*el_RuKgsdo*R;3w-OL$_J970?aym zITcs0lP@rTQDs;7ai4yJ&f(-C&2HySFE^|>5?L5^i{_@zGedWu9wrNOnmdX&o8UZ{dtJY$S}Ukt2zHErTPxi*hL4z zmAt{cz8Tc2?}O14={Ij9N9vqo$eAz}WIGzigQsWtn~k?0A)_ATnmT<9)?aFp;wV2K zL2X-KNrV3_>(D-~yY{&(sbpHEcPz-B-E|{vKJ)ZCwBvB#3cVr24E$Y_5X4ybIb{5d zNp5+`ggq1U(kgC{@GM!40zQ}}U+G?o3M^JL`tz=G`{Zc7K7WNvX!LWu9DhLuqosDO zm+q)Osx3aHtvRpLr#`ZmBI8we+9|T*Dzrz7>P>YYM4$cQ@*}%1nnGi`VLbJTTaebA z5=K%qMOo{}>aAG4s#8PkhhZt|Ll3?_cMlZ|q1h4CS@qY(;_zKFZD_bYA6CUOyF<%o zp)D#J+DhaGp9l7KpR7|k?ZYR!xZx|=`=z-s1<}O-fvf;K zVdw(?Pq$w#_iewkZ!!l~gJ^iYIT@;Xee7R}IxPhLyj8;RNK?`A%NV>4b;w^f3&W){?;ct59mqSX7wFILEEr%%Uiv`wRru7I z5-|6-BCyBGTF;lRg`>ot`{R;R+{+C?Nh}(TMK}i^#o@-qWAH%x0tw0do<74dU5-zD`Sxo30<9Nr3X3zs>RiIL(Ip#`Rx;-7xxoN zI$t|bW0@HRio5{ctYyE8rS4OSta$Y1vl;#6o{p=fCTOx9!NY%HRdg!KCl!B8yiw7u zFIV#AlUb~L4AfhkR>erFE-qIL*29hwJ^lOe_gS-%mt4A_drt^mYTnk><^QsE$6fC$ zZ+uyic9%z5{i`;P<=?Q6A$*v;31u_5^G znE@Ap?0nRUSt56*z4CA;yao330O(G>V=?5-wDnZ4ZX{EJ{Rb~&Gd=i!7qg&rcR1(ar0 zZSGDsHWi;OtRi)1g$-1xB^&F=zM%+!Z!SLN;@|<&!A*KZsawnYHbj0iX8RRne1>C}1el z`Cv3Tu2J~JafUXE=NrOH*43-g;-SvO(`wo4{b;_uMhT02$3oSg?jKIs^E51Ke=7j< zZD#@fKwsY}f=+g`qU?BcDzecL|hKT$wsf)1)N%-)cErx^fKB z=Zr+ej#GW{z|>~Bm4qFGffe_xrC2hfXnTVTnF4)2E`KjE{_JPql611$Ena{-8-HWk zz&KvwsjBR?vfuON+e&I?^#sA)6Z5)nu@^e^8sR~YsJGy7ACsMl$5$4*zWQ6nn8ya$ z<_%37ckJVm;lp<0@%ivf4yT<7D<@5w<-%7orcO4^306FU7x94=c@oNnPHD@)I+T4>__Y1R1L+yw8k>^p!5?DQbTOHnBHEb=1H^*HikB8H;d zJaM7i?tx-saa&Lzth4RxR_nuZ+4lplyBpWcY~=5&F}#%d1T$G8qCRbCdra}jw zs}{|i>`Sx@d--z`bu7Z|NTg3(Ig6jvjWLu31{h%l;SAgtjIv8#mWZFJ^{4#z)_r$g z!nquufMJ>;y2es=ep>`F5j{PKxo|j^^I7}h;l_N{$yZ;yW4!@b;|v@B{fYJYS2-g? zDeC!r(UQ1Wc3nnXB{|$b5u(Aq4}Ad{EQvQu-6fyc6V9C`H+Yq@B|?)lM;0gKxxcfY zH)gJw_k)uK(m*8{BS>RwtjDA=v--14mCiolo%Ut6CG+$~1k;(C%RgRoyBz4TXyq=m zQD_m)yZo2F15CA$(RYd@-8jGzN5@Mi@6wDSZQ|^STHe(kSv_F06dn#gc-8KpzbN~; zB!@R&vI#oc)?0*`8BmKCN4l|0>p5YaMcFl_jN&bo)VxEs+L~D8sV2^< z!*yVKRL7BNLYleg)fk>KL68h%2_reZY%>=@i9(OPLlW*IOij@P^{;CVl#1JIRW^A^ zrlx|?%6hIuQrY~+| zHOi!`>c(s5KoedTW7?|4fs73=%}qQml)r0yZ;VPP9m@WKvZ*tGr<-`IZZ^H)dkid8 zjK?`nKG?zeD><6R)4*=q*%$c{=c5Ifk7Hh(xzq*d1+mP>HqOO_o#oFp$7HDXv@e7cTXjfjDt^3ruKi6T`UNLorGQ{4l5MaTOh81U5d`?# z3hdHYr$6C6t@@W}2wn;>M4ymOI#2?0_|ec%JcVW7G6vOOpU`4y&7>jH%2wzD*MQCW z+g`U(41N_@PNZEP)K8;{5LQq>sSx$^>#PYEC{oFY`k9BW3+ksRqJBzz@2~{xbD*zy zS0-~)+aBVy!!23%Y;PP2s%~<~AHG8VrL5NB_5NCx1&y)p=LtP`Ud)6Sl?c_&N-|Cc`zZ>!1bor=W%e^9 z64w5Ll$%kgOs0~lQs&!tPdG}AMjpN;(QR;uWG4p%t ztSQ!Sf3j~o&~<6abaS;^c&Es}Qg6S=6Q^IeX8BZPYxkqhG~qI#kqh@VS|c9bD5W7T z;V8`Qw$W+jt;feSKb@U8_ziU*>VDyu=ns*z%N=BtZu<*UdiFXn_tB?!QPC8h6d)!= zy1Bo%X81CB@^10%19j&I1H2P2pT{fftbwi}V+-cj{+FoWrsqhyxyjo%{;KcdhQ?n1 zm&biX?g!~U2y-D}({y$0{mS5vzqC<1=*iJ+r$=TOA%es^a7e6{qctRU^WSyPQH65R z_CA~U4#_=(j6EWAk1ob(oMzYNG5*^mYQ3hEE{s1#wGvJO)5^UsKnR#MvK zZz3C-S#O#U$D47wtM%jyD{>b$>WXSAUR0r*v;}1vWG^JRt+C$HOs7b^!)MFoUF7f0 ztYoBJjR^;ZL0D;&<#+mD*O_kDUr;6jj&7Mw7>R=1$%gvI6uW@O^U-WBj2tV%N!r!v zkE8wn=#HKreU*ytZZESA2@Mltw^uW7`aL~$0e>lcn@VYr$jL-$#LD%Pd4`6voI=rk zK*mZ)Ot~Ll`ILZ?5pR8Iw=>AS&;8$@l(SEhGwy8tWV*c-uMia%>?qCZ#Lh ztJv*hg(ppVyx5R*k+uOA3qo5RX6Wy#lP!ushSrPd}zMd{uG1 zjeDGO7O<=5;>IV*lzDp0*mP0unM|QxwqC;EHMQAmXGjUJR1!{IqT9H+J?%Ts$3E?^ z`dg>u&ED)8a~%OCA6%lpn4F9+j>Juyr@2d9M@eSC4a1sdtZv;q=eRN<2epT~`oR5jSar*<1Tt!R+EzEx#;irs`!cZ~5JMlmd9 z9SJG%-SWNfZIAb_ zXC!7S@^){>jY<|JxNNJAxlmncV~x}u)V6AISw?$Yab^WkyMX>|LgkLm%0g_@Ii9hu-(u=mXHr6_y6z->fH7fq{PB!-C zaA4A@lWnO&PK$;%id8N#b!kR^jNso}`2SixmsLqZnN*X!Rik~~`d`O6sl}&gKOxzm zU6BXAR^>=ST#0w-GS$U3WwBnu&m7h+!_UIFla|Q0P!DXD?OZ?n~hX-49e!o;#m%ySa zZZ8+<0nZGGRfR~Qa>0LA%U)$gXvk0_{TDyBSV>=y(Xe8_;!ol7E-Fiw>;gyBP%V-rFq6+PNRrlpkFKhra7?xjx55O z%Jc;e$#Yp~PE4#2z1-RPc*w!n+4;tbf?tM&F5(&SJK%6`FxA7ew{AFc_RzrZX&U{$ z0{P_FbRU?%*1oNJ3_W*WB!`}qLQeEB9V@Q|@t89;!)C(siq}5dvbafTtqJ&hD=_*V z<6?Zz9pJ!v$E;=)*DRQ@ncktJcNdphkz^%i}_24^NdTCE+MMF*q-2hQ2F$;$SbK%oOgGaY@ZT(_DbuEJ224?6LN2wz6jBnGctxQrkjX&K(x zXfs`c5%U;P1VysfKrhkqW9>mGGGa(tFsn;F9Tl_lk1U4N2P{xqT|?gcUmmtxEbG@W z`9Nau5P?r?ulvbTDTo+A6{ZE4R{`OEY5?YSr*ET3QHZ3eJCHbmgo-GjAk{OX!ALOK z%XA+s7D&Z;54(eWOL+KGofFvMvsuu9tCr;#5-p-}kjZucLNM(9?qW$_q`2U^#~Nt1 zNGJq!D<>DhsJ$H+Sm^(3x!o1zFL~|19r2zID};#zvpNuNE=Tk!;}-8}{qRpfUS-o39l*B_fjDeZaf50LF29)(xYiN2FaZ1s5y1Zva|V3GQyFPC zvc(D`{Qt6w0V8@+n+Y4ZITs*&%X<_b7n~>vWX%5WdzpD0yvd=1F!T!{Zv-!Mg#vLf z(BxSW7y&Y>VEusDJk<&t;?PM5H#oHN4D>*mqb9&j{JtL118t(eLu`{4^g#c)4}e1$ z#G3#&H3(1`oSwqL-QXk3xJ7$#IIPjVv|fz*=|dE`m7~>8^`%b!~qlAp(Joc2SCiVHhXTECr7Jy$2Fe3fsf>^>gu&b>5tiH##j=#+%x^Ysf zosaC`?%hWvGs1kax0wpAS=cj_O3eo4=7EUVR4NrL6t|3x7MJZn@ZSP7MlF;dMh4}X z{~X+;QGrcQYqA@TJwS0yY~Q>H;Bi%Gw)A&jt-@G62~8zF;J8}XIsg9N>Ghw^4#y={ zBiPjp7~B%9z8b=AJ1eL3W@K+OJZpl&M_?Fi;Ho1Sj_$rIWthu-EZ2&u8*Xj1W$+L!rPy$cVAg zg70LqMOa$fk9YGo0BAVcy>M0HM#ulb^~NjiwiCPc_Dnxyy584sd%rC}zZH9>^e%JL z_(}FWC-FlRv6YkSWZ}#=##tbwuwrE*-;U~u8H>!m7m@D<=}h}YgdQ_Y;qyzLTnwm6 zd1m*sWo_F$tx3H=#pqFu_Ua!>YRKCv{Pk$8IwnleGu7jDsB%VI^ZT83v-Wv#LYQQZ z?|D1zPQbGl2j!>5=afgZ>uhU%sg(ZpX+ksuI}fV96wq?;Mlx6hjNO>g57>5fyjK=T zF}{5$e5cdI{WH47SNCEoD4&mqhfUve$M^h1_6(aTIaIJ3Z&qo>|DJ9B@KBn!f9-O{ zGVaNVw|4?-&Rd>g|C2R+N56pbAIoAb%ihO~j>&1rYbFih;;>&docHpW5F#4NCXh>t z31P7f#3Vd%@8n?99ax?=l)*yD(QiFQ^EqbxO>+KO)PF}J&*Smk>LE(c@!uaqG?#m@ zHa}ZrA)$8>ueQ;p(2$WCQGgpP_5QHfxP>FWeGqQEGAogk!X7?k?5n;)Lya8*yFbMK zY&}RH@oK4yG9T%;9@mrw`%cDu!C{%_9v1v6P!x#! z#*M{Z!~y{k_r6C{m$4Au#alrsDY12Ti>zT5%^Nn@-Nl30^eaey<}HNxF4z%va;A9S zZiFx0dTq8K+5wJt{FtyV-_I8~SyGQ33sh5l{^QMg8Z!~`>nTp;{c07`5jM}P&;=si z|NInyp#k@6H}H}vdIrD@&zj5=;H}KI23gaHp9q+t3gmAR)(LK9wV>1j29b0mB8@nN z;f1C{^DW=SwJJbI`43F-0k7DAHuguhLRg1=4m>JUD&^q$FP-M9zyzxq0IX%(AR~^* z$Ed|^Z@rn`C7wf!QLv*FMGi`mc!TGnciX_l0v^(^;Qzl&SnwvzQ$z&ev>X`j)DwEp1eP3-d=IZSnQ%Yb)jVG9DDM^s=%N7x;l%jtthN%_4k{$ixK+FeqKx(!;kX=KH|nl ziov!WTd`!96_s)1N#~vqR&(cR3)?&kV{Z&%v7XvSAhLHbNJg!){1EZO<+F|f*NY%} z&#XHlDCCEufwndy=_Kjp*9#EYyx`;apk?l!aycQ8?zsqNJQDbml~j`WCT0@!Uz5uq Az5oCK diff --git a/windows/security/operating-system-security/network-security/windows-firewall/toc.yml b/windows/security/operating-system-security/network-security/windows-firewall/toc.yml index a6b1ae1ed7..7e3878d4ea 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/toc.yml +++ b/windows/security/operating-system-security/network-security/windows-firewall/toc.yml @@ -4,7 +4,7 @@ items: - name: Configure and manage Windows Firewall items: - name: Configure Windows Firewall - href: best-practices-configuring.md + href: configure.md - name: Configure with Microsoft Intune href: create-windows-firewall-rules-in-intune.md - name: Configure with group policy