Firewall policies for Endpoint Protection in System Center 2012 Configuration Manager let you perform basic Windows Firewall configuration and maintenance tasks on client computers in your hierarchy. You can use Windows Firewall policies to perform the following tasks:

Use the following procedures in this topic to help create and assign Windows Firewall policies to Configuration Manager client computers in your hierarchy:

To create a Windows Firewall policy

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Windows Firewall Policies.

  3. On the Home tab, in the Create group, click Create Windows Firewall Policy.

  4. On the General page of the Create Windows Firewall Policy Wizard, specify a name and an optional description for this firewall policy, and then click Next.

  5. On the Profile Settings page of the wizard, configure the following settings for each network profile:

    Important
    If you want to deploy Windows Firewall policies to computers running Windows Server 2008 and Windows Vista Service Pack 1, you must first install Hotfix KB971800 on these computers.
    Note
    For more information about network profiles, see the Windows documentation.
    • Enable Windows Firewall

      Note
      If Enable Windows Firewall is not enabled, the other settings on this page of the wizard are unavailable.
    • Block all incoming connections, including those in the list of allowed programs

    • Notify the user when Windows Firewall blocks a new program

  6. On the Summary page of the wizard, review the actions to be taken, and then complete the wizard.

  7. Verify that the new Windows Firewall policy is displayed in the Windows Firewall Policies list.

To deploy a Windows Firewall policy

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Windows Firewall Policies.

  3. In the Windows Firewall Policies list, select the Windows Firewall policy that you want to deploy.

  4. On the Home tab, in the Deployment group, click Deploy.

  5. In the Deploy Windows Firewall Policy dialog box, specify the collection to which you want to assign this Windows Firewall policy, and specify an assignment schedule. The Windows Firewall policy evaluates for compliance by using this schedule and the Windows Firewall settings on clients to reconfigure to match the Windows Firewall policy.

  6. Click OK to close the Deploy Windows Firewall Policy dialog box and to deploy the Windows Firewall policy.

    Important
    When you deploy a Windows Firewall policy to a collection, this policy is applied to computers in a random order over a 2 hour period to avoid flooding the network.

See Also