Clarification on automatic rule creation

Provided details for why network connectivity may fail because automatic rule creation did not occur as expected. The general guidance is to not rely on automatic rule creation and instead ensure rules are created before first application launch for the best user experience.
Tommy Jensen 2021-07-22 00:08:29 -07:00 committed by GitHub
parent d926b9c36a
commit 46eb5e3471
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -119,7 +119,7 @@ In either of the scenarios above, once these rules are added they must be delete
When designing a set of firewall policies for your network, it is a best practice to configure allow rules for any networked applications deployed on the host. Having these rules in place before the user first launches the application will help ensure a seamless experience.
The absence of these staged rules does not necessarily mean that in the end an application will be unable to communicate on the network. However, the behaviors involved in the automatic creation of application rules at runtime requires user interaction.
The absence of these staged rules does not necessarily mean that in the end an application will be unable to communicate on the network. However, the behaviors involved in the automatic creation of application rules at runtime require user interaction and administrative privilege. If the device is expected to be used by non-administrative users, you should follow best practice and provide these rules before application first launch to avoid unexpected networking issues.
To determine why some applications are blocked from communicating in the network, check for the following:
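Review bot: The rewritten sentence now states that runtime rule creation requires "user interaction and administrative privilege", but it does not say what a non-administrative user actually observes when that privilege is missing, which is the detail a reader troubleshooting "why is this app blocked" needs; consider adding one sentence describing the observable outcome for a standard user (whether the Figure 4 prompt still appears and whether its "allow" choice takes effect). Minor wording: "follow best practice and provide these rules before application first launch" reads more naturally as "follow the best practice above and provide these rules before the application's first launch."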
@ -129,6 +129,8 @@ To determine why some applications are blocked from communicating in the network
3. Local Policy Merge is disabled, preventing the application or network service from creating local rules.
Creation of application rules at runtime can also be prohibited by administrators using the Settings app or Group Policy.
![Windows Firewall prompt](images/fw04-userquery.png)
*Figure 4: Dialog box to allow access*
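Review bot: The added sentence "Creation of application rules at runtime can also be prohibited by administrators using the Settings app or Group Policy." is a fourth distinct cause of blocked applications, but it sits as a loose paragraph after the numbered list (items 1-3) and before the Figure 4 image, so it reads as a caption lead-in rather than a check the reader should perform. Suggest making it item 4 of the list and naming the specific setting (or the Group Policy path) that prohibits runtime rule creation, so an admin can verify it the same way they verify "Local Policy Merge is disabled" in item 3.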
@ -207,4 +209,4 @@ For tasks related to creating outbound rules, see [Checklist: Creating Outbound
## Document your changes
When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. Rules must be well-documented for ease of review both by you and other admins. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall.
When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. Rules must be well-documented for ease of review both by you and other admins. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall.
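Review bot: The removed and added lines in this hunk are textually identical as displayed, so the change is whitespace-only (most likely a trailing newline at end of file, consistent with the 4-line hunk at the end of the document). Confirm this is intentional rather than an editor artifact; if it is deliberate, it is harmless, but mentioning "fix trailing newline" in the commit message would save the next reviewer from diffing it by hand.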