Firewall Alerts, but firewall is enabled

JoCald · June 9, 2022, 9:48am

Hi,

Took over a client where the previous MSP had firewall disabled on all machines. All machines are domain joined, so no problem. Created a GPO that enables firewall on all machines, and set up any rules where needed.
Unfortunately the monitoring from Syncro keeps stating that the public static and private static Windows Firewalls are currently disabled.

If I run “netsh advfirewall show all state” , both public and private show up as OFF.
If I do “Get-NetfirewallProfile -PolicyStore ActiveStore” , all firewalls show up as Enabled.
GUI shows all Enabled as well.

Seems Syncro only uses the local policy to verify status?

STech-Luke · June 29, 2022, 4:53am

Hey JoCald,

Did you ever get this figured out? We get a few alerts a week for firewall (as well as AV) being disabled, I was wondering if it might be related to what you have found.

JoCald · June 29, 2022, 5:36am

Hi Luke,

Since the netsh command showed OFF in my case, which I assume is what Syncro uses to monitor the firewall status, I ran “netsh advfirewall set allprofiles state on” on all the devices with alerts.

Syncro now shows the firewall as enabled.

Never had an issue with AV though.

Topic		Replies	Views
Syncro detected the firewall is disabled rmm	1	1231	March 4, 2022
Getting a lot of "The public static and private static Windows Firewalls are currently disabled." alerts. Same day as Policy Migration?	2	533	February 24, 2022
False Offline Alerts?	12	729	May 12, 2023
Alerts? and uptime monitor inaccurate	3	987	February 27, 2022
Erroneous Offline Alerts Announcements	7	671	January 31, 2022

Firewall Alerts, but firewall is enabled

Related Topics