Firewall Alerts, but firewall is enabled

JoCald · June 9, 2022, 9:48am

Hi,

Took over a client where the previous MSP had firewall disabled on all machines. All machines are domain joined, so no problem. Created a GPO that enables firewall on all machines, and set up any rules where needed.
Unfortunately the monitoring from Syncro keeps stating that the public static and private static Windows Firewalls are currently disabled.

If I run “netsh advfirewall show all state” , both public and private show up as OFF.
If I do “Get-NetfirewallProfile -PolicyStore ActiveStore” , all firewalls show up as Enabled.
GUI shows all Enabled as well.

Seems Syncro only uses the local policy to verify status?

STech-Luke · June 29, 2022, 4:53am

Hey JoCald,

Did you ever get this figured out? We get a few alerts a week for firewall (as well as AV) being disabled, I was wondering if it might be related to what you have found.

JoCald · June 29, 2022, 5:36am

Hi Luke,

Since the netsh command showed OFF in my case, which I assume is what Syncro uses to monitor the firewall status, I ran “netsh advfirewall set allprofiles state on” on all the devices with alerts.

Syncro now shows the firewall as enabled.

Never had an issue with AV though.

Topic		Replies	Views
Getting a lot of "The public static and private static Windows Firewalls are currently disabled." alerts. Same day as Policy Migration?	3	695	June 7, 2024
Syncro detected the firewall is disabled rmm	1	1450	March 4, 2022
False Offline Alerts?	12	953	May 12, 2023
Managed Windows Defender Is Now Live! Announcements	14	315	August 18, 2024
What are we doing for API's on the Ip Whitelist feature?	3	435	December 7, 2023

Firewall Alerts, but firewall is enabled

Related topics