mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
added image and table
This commit is contained in:
parent
6219bd243c
commit
c8f61cb247
@ -25,7 +25,7 @@ Choose Windows 10 as the platform, and Endpoint Protection as the profile type.
|
||||
Select Windows Defender Firewall.
|
||||
Add a firewall rule to this new Endpoint Protection profile using the Add button at the bottom of the blade.
|
||||
|
||||

|
||||

|
||||
|
||||
>[!IMPORTANT]
|
||||
>A single Endpoint Protection profile may contain up to a maximum of 150 firewall rules. If a client device requires more than 150 rules, then multiple profiles must be assigned to it.
|
||||
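Review bot: In the IMPORTANT callout at the end of this hunk, "up to a maximum of 150 firewall rules" is redundant; "up to 150 firewall rules" says the same thing. The changed line between the "Add a firewall rule..." step and the callout renders blank in this view, so please confirm that the image reference added there has descriptive alt text.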
@ -34,24 +34,24 @@ Add a firewall rule to this new Endpoint Protection profile using the Add button
|
||||
|
||||
Following table has description for each field.
|
||||
|
||||
Property | Type | Description
|
||||
DisplayName | String | The display name of the rule. Does not need to be unique.
|
||||
Description | String | The description of the rule.
|
||||
PackageFamilyName | String | The package family name of a Microsoft Store application that's affected by the firewall rule.
|
||||
FilePath | String | The full file path of an app that's affected by the firewall rule.
|
||||
FullyQualifiedBinaryName | String | The fully qualified binary name.
|
||||
ServiceName | String | The name used in cases when a service, not an application, is sending or receiving traffic.
|
||||
Protocol | Nullable Integer - default value is null which maps to All | 0-255 number representing the [IP protocol](https://www.wikipedia.org/wiki/List_of_IP_protocol_numbers) (TCP = 6, UDP = 17). If not specified, the default is All.
|
||||
LocalPortRanges | String array | List of local port ranges. For example, "100-120", "200", "300-320". If not specified, the default is All.
|
||||
RemotePortRanges | String array | List of remote port ranges. For example, "100-120", "200", "300-320". If not specified, the default is All.
|
||||
LocalAddressRanges | String array | List of local addresses covered by the rule. Valid tokens include:<br>- "*" indicates any local address. If present, this must be the only token included.<br>- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.<br>- A valid IPv6 address.<br>- An IPv4 address range in the format of "start address - end address" with no spaces included.<br>- An IPv6 address range in the format of "start address - end address" with no spaces included.<br>Default is any address.
|
||||
RemoteAddressRanges | String array | List of tokens specifying the remote addresses covered by the rule.Tokens are case insensitive. Valid tokens include:<br>- "*" indicates any remote address. If present, this must be the only token included.<br>- "Defaultgateway"<br>- "DHCP"<br>- "DNS"<br>- "WINS"<br>- "Intranet"<br>- "RmtIntranet"<br>- "Internet"<br>- "Ply2Renders"<br>- "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.<br>- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.<br>- A valid IPv6 address.<br>- An IPv4 address range in the format of "start address - end address" with no spaces included.<br>- An IPv6 address range in the format of "start address - end address" with no spaces included.<br>Default is any address.
|
||||
ProfileTypes | WindowsFirewallNetworkProfileTypes | Specifies the profiles to which the rule belongs. If not specified, the default is All.
|
||||
Action| StateManagementSetting | The action the rule enforces. If not specified, the default is Allowed.
|
||||
TrafficDirection | WindowsFirewallRuleTrafficDirectionType | The traffic direction that the rule is enabled for. If not specified, the default is Out.
|
||||
InterfaceTypes | WindowsFirewallRuleInterfaceTypes | The interface types of the rule.
|
||||
EdgeTraversal | StateManagementSetting | Indicates whether edge traversal is enabled or disabled for this rule.<br>The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.<br>New rules have the EdgeTraversal property disabled by default.
|
||||
LocalUserAuthorizations | String | Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.
|
||||
| Property | Type | Description |
|
||||
| DisplayName | String | The display name of the rule. Does not need to be unique. |
|
||||
| Description | String | The description of the rule. |
|
||||
| PackageFamilyName | String | The package family name of a Microsoft Store application that's affected by the firewall rule. |
|
||||
| FilePath | String | The full file path of an app that's affected by the firewall rule. |
|
||||
| FullyQualifiedBinaryName | String | The fully qualified binary name. |
|
||||
| ServiceName | String | The name used in cases when a service, not an application, is sending or receiving traffic. |
|
||||
| Protocol | Nullable Integer - default value is null which maps to All | 0-255 number representing the [IP protocol](https://www.wikipedia.org/wiki/List_of_IP_protocol_numbers) (TCP = 6, UDP = 17). If not specified, the default is All. |
|
||||
| LocalPortRanges | String array | List of local port ranges. For example, "100-120", "200", "300-320". If not specified, the default is All. |
|
||||
| RemotePortRanges | String array | List of remote port ranges. For example, "100-120", "200", "300-320". If not specified, the default is All. |
|
||||
| LocalAddressRanges | String array | List of local addresses covered by the rule. Valid tokens include:<br>- "*" indicates any local address. If present, this must be the only token included.<br>- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.<br>- A valid IPv6 address.<br>- An IPv4 address range in the format of "start address - end address" with no spaces included.<br>- An IPv6 address range in the format of "start address - end address" with no spaces included.<br>Default is any address. |
|
||||
| RemoteAddressRanges | String array | List of tokens specifying the remote addresses covered by the rule.Tokens are case insensitive. Valid tokens include:<br>- "*" indicates any remote address. If present, this must be the only token included.<br>- "Defaultgateway"<br>- "DHCP"<br>- "DNS"<br>- "WINS"<br>- "Intranet"<br>- "RmtIntranet"<br>- "Internet"<br>- "Ply2Renders"<br>- "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.<br>- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.<br>- A valid IPv6 address.<br>- An IPv4 address range in the format of "start address - end address" with no spaces included.<br>- An IPv6 address range in the format of "start address - end address" with no spaces included.<br>Default is any address. |
|
||||
| ProfileTypes | WindowsFirewallNetworkProfileTypes | Specifies the profiles to which the rule belongs. If not specified, the default is All. |
|
||||
| Action| StateManagementSetting | The action the rule enforces. If not specified, the default is Allowed. |
|
||||
| TrafficDirection | WindowsFirewallRuleTrafficDirectionType | The traffic direction that the rule is enabled for. If not specified, the default is Out. |
|
||||
| InterfaceTypes | WindowsFirewallRuleInterfaceTypes | The interface types of the rule. |
|
||||
| EdgeTraversal | StateManagementSetting | Indicates whether edge traversal is enabled or disabled for this rule.<br>The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.<br>New rules have the EdgeTraversal property disabled by default. |
|
||||
| LocalUserAuthorizations | String | Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format. |
|
||||
|
||||
|
||||
## Application
|
||||
|
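Review bot: No delimiter row is visible after the new `| Property | Type | Description |` header line, so renderers that follow the GitHub table syntax will show these rows as literal pipe-separated text rather than a table; add `| --- | --- | --- |` directly under the header. While these rows are being touched: the LocalAddressRanges and RemoteAddressRanges cells still read "If neither a subnet mask not a network prefix is specified" (should be "nor"), the RemoteAddressRanges cell is missing a space in "rule.Tokens" and states case-insensitivity twice, and `| Action|` lacks the space before the pipe that every other row has.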
Binary file not shown.
After Width: | Height: | Size: 608 KiB |
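Review bot: The image added here is 608 KiB, which is heavy for a single screenshot in a docs repository; compress or crop it before merging. If it is a capture of the portal blade described in the steps, also check that no tenant name, account address or device identifier is visible in it.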