deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #7699 from MicrosoftDocs/repo_sync_working_branch

Browse Source 
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
This commit is contained in:
Stephanie Savell 2023-01-03 11:08:01 -06:00 committed by GitHub
commit 9afe55e10c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
windows/client-management/mdm/firewall-csp.md
View File

@ -52,6 +52,11 @@ Firewall
------------DisableStealthMode ------------DisableStealthMode
------------Shielded ------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast ------------DisableUnicastResponsesToMulticastBroadcast
------------EnableLogDroppedPackets
------------EnableLogSuccessConnections
------------EnableLogIgnoredRules
------------LogMaxFileSize
------------LogFilePath
------------DisableInboundNotifications ------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge ------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge ------------GlobalPortsAllowUserPrefMerge
@ -65,6 +70,11 @@ Firewall
------------DisableStealthMode ------------DisableStealthMode
------------Shielded ------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast ------------DisableUnicastResponsesToMulticastBroadcast
------------EnableLogDroppedPackets
------------EnableLogSuccessConnections
------------EnableLogIgnoredRules
------------LogMaxFileSize
------------LogFilePath
------------DisableInboundNotifications ------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge ------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge ------------GlobalPortsAllowUserPrefMerge
@ -78,6 +88,11 @@ Firewall
------------DisableStealthMode ------------DisableStealthMode
------------Shielded ------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast ------------DisableUnicastResponsesToMulticastBroadcast
------------EnableLogDroppedPackets
------------EnableLogSuccessConnections
------------EnableLogIgnoredRules
------------LogMaxFileSize
------------LogFilePath
------------DisableInboundNotifications ------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge ------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge ------------GlobalPortsAllowUserPrefMerge
@ -223,6 +238,25 @@ Boolean value. If it's true, unicast responses to multicast broadcast traffic ar
Default value is false. Default value is false.
Value type is bool. Supported operations are Add, Get and Replace. Value type is bool. Supported operations are Add, Get and Replace.
<a href="" id="enablelogdroppedpackets"></a>**/EnableLogDroppedPackets**
Boolean value. If this value is true, firewall will log all dropped packets. The merge law for this option is to let "on" values win.
Default value is false. Supported operations are Get and Replace.
<a href="" id="enablelogsuccessconnections"></a>**/EnableLogSuccessConnections**
Boolean value. If this value is true, firewall will log all successful inbound connections. The merge law for this option is to let "on" values win.
Default value is false. Supported operations are Get and Replace.
<a href="" id="enablelogignoredrules"></a>**/EnableLogIgnoredRules**
Boolean value. If this value is true, firewall will log ignored firewall rules. The merge law for this option is to let "on" values win.
Default value is false. Supported operations are Get and Replace.
<a href="" id="logmaxfilesize"></a>**/LogMaxFileSize**
Integer value that specifies the size, in kilobytes, of the log file where dropped packets, successful connections and ignored rules are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used.
Default value is 1024. Supported operations are Get and Replace
<a href="" id="logfilepath"></a>**/LogFilePath**
String value that represents the file path to the log where firewall logs dropped packets, successful connections and ignored rules. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. Default value is "%systemroot%\system32\LogFiles\Firewall\pfirewall.log". Supported operations are Get and Replace
<a href="" id="disableinboundnotifications"></a>**/DisableInboundNotifications** <a href="" id="disableinboundnotifications"></a>**/DisableInboundNotifications**
Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
Default value is false. Default value is false.
@ -349,7 +383,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
<a href="" id="icmptypesandcodes"></a>**FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes** <a href="" id="icmptypesandcodes"></a>**FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes**
ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid. Comma separated list of ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid.
If not specified, the default is All. If not specified, the default is All.
Value type is string. Supported operations are Add, Get, Replace, and Delete. Value type is string. Supported operations are Add, Get, Replace, and Delete.
@ -431,6 +465,7 @@ Comma separated list of interface types. Valid values:
- RemoteAccess - RemoteAccess
- Wireless - Wireless
- Lan - Lan
- MBB (i.e. Mobile Broadband)
If not specified, the default is All. If not specified, the default is All.
Value type is string. Supported operations are Get and Replace. Value type is string. Supported operations are Get and Replace.