Windows Defender Firewall
Windows Defender Firewall
Windows Defender firewall is a stateful host firewall that monitors incoming and outgoing traffic in a device using rules and policies. This document contains the best practices required in Windows Defender Firewall and Netskope Client to ensure smooth interoperability.
Environment
This document was created using the following components:
- Netskope Client: 94.0.0.2360
- OS: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022
Interoperability Configuration Requirements
Specific configurations in the Windows Defender firewall ensure processes or traffic from either of the applications are not blocked or directed to the Netskope Cloud.
Configurations In Windows Defender Firewall
The administrators mostly configure Windows Defender firewall in:
- Domain environment: This includes configuring rules for all devices in that domain automatically using Group Policy.
- Non-domain environment: This includes configuring firewall policies for non-domain joined devices using tools such as Microsoft Intune, BMC, and so on.
Best Practices: The administrators can consider certain best practices while configuring the Windows Defender firewall to optimize the security of the devices. To learn more, view Best Practices.
Configure GPO In Windows Defender
To open a GPO to Windows Firewall with Advanced Security:
- Open the Group Policy Management console.
- In the navigation pane, expand Forest (YourForestName) > Domains (YourDomainName) > Group Policy Objects.
- In the navigation pane of the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security.
- Set the firewall to be enabled and click Windows Firewall Properties.
- Set the following options for Domain Profile, Private Profile, and Public Profile:
- Firewall State to On.
- Inbound Connections to Block (Default)
- Outbound Connections to Allow (Default)
- Click OK.
Configure Firewall Rules
- Go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security.
- Click Outbound Rules > New Rule.
- In the New Outbound Rule Wizard window, perform the following:
- Rule Type: Select the rule to create.
- Protocol and Ports: Select the port the rule applies to.
- Action: Select the action to perform when a connection matches the specified conditions.
- Profile: Select the applicable profiles where you need to apply the rules.
- Name: Enter a name to identify the rule.
- After providing all outbound rules, you can see the new rule in the Group Policy Management console.
Validate Firewall Rules
- Apply GPO to a computer OU, and view the result on the client firewall configuration or use the command gpupdate /force to manually refresh the policy and publish it to the client.
- Make sure to install and run the NS Client with Cloud Firewall mode.
- On the client machine which is already domain joined, open the RDP application and access the resource. RDP application must be restricted and it should not be steered through NSProxy.
Verifying Interoperability
Netskope Client Features
Refer to the list of validated use cases to verify Client operations.
