This Library Item is available for Windows devices
The Windows Firewall Library Item lets you configure and enforce firewall settings for Windows devices. With this profile, you can manage global firewall behavior, define security association rules, and enforce profile-specific policies across public, private, and domain networks. By using this Library Item, you ensure that Windows endpoints in your organization adhere to consistent firewall configurations, reducing the risk of misconfigurations or unmanaged local rules.
For detailed technical background on each firewall setting, refer to Microsoft’s official Windows Firewall documentation.

Create a Windows Firewall Profile Library Item

To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.
1. Navigate to Library: In the Library, select Add Library Item.
2. Select Windows Firewall: Search for and select Windows Firewall.
3. Name the Library Item: Give the Library Item a Name.
4. Assign to Blueprints: Assign the profile to one or more Blueprints.

Global Settings

These options apply globally across all firewall profiles:
  • Disable stateful FTP transfers: If enabled, disables stateful File Transfer Protocol (FTP) filtering.
  • Enable packet queue: Configures scaling for encrypted and clear-text forwarding paths in IPsec tunnels and ensures packet order is preserved. Default is off.
  • IPSec Exemptions: Defines exemptions for IPsec traffic.
  • Security association idle time: Sets the idle time (in seconds) before unused security associations are deleted. Default is 300.

Profile Settings

Profile settings can be applied separately for Public, Private, and Domain network profiles. Toggle management for each profile at the top of the section.

Core Firewall Settings

  • Shielded: Blocks all inbound traffic, regardless of rules. Use with caution.
  • Default inbound action: Specifies the action (allow or block) for inbound traffic.
  • Default outbound action: Specifies the action (allow or block) for outbound traffic.

Policy Management

  • Allow local IPsec policy merge: Determines whether local connection security rules are enforced.
  • Allow local policy merge: Determines whether local firewall rules are enforced.
  • Merge user authorized global ports: Determines whether user-defined global port rules are enforced.
  • Merge user authorized app firewall rules: Determines whether user-defined app firewall rules are enforced.

Advanced Options

  • Disable inbound notifications: Suppresses notifications when apps are blocked from listening.
  • Disable stealth mode: If enabled, disables stealth mode (which drops unsolicited traffic).
  • Disable unicast responses to multicast/broadcast: Blocks unicast responses to multicast or broadcast requests.

Logging Configuration

  • Log dropped packets: Records all dropped packets.
  • Log ignored rules: Records when rules are ignored (depending on implementation).
  • Log success connections: Records successful inbound connections.
  • Log file path: Defines where firewall logs are written (e.g., %programdata%\kandji\agent\logs).
  • Log max file size: Maximum size (in KB) for the log file. Default is 1024.

Network Profile Configuration

  • Domain Profile
  • Private Profile
  • Public Profile

The Domain profile applies when the device is connected to a domain network. This is typically the most permissive profile for corporate environments.

Recommended settings:
  • Default inbound action: Block
  • Default outbound action: Allow
  • Allow local policy merge: Enabled
  • Logging: Enabled for monitoring
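As an added example (not Kandji/Iru code), the following PowerShell script audits a Windows endpoint's effective firewall configuration against the global defaults and the recommended profile settings listed above, using the built-in NetSecurity module. The mapping of Library Item setting names to NetSecurity property names is this example's assumption (for instance, "Shielded" is treated as AllowInboundRules = False), and applying the Domain recommendations to the Private and Public profiles as well is also an assumption.

```powershell
# Added example (not Kandji/Iru code): audits a Windows endpoint's effective
# firewall configuration against the recommended baseline described above, using
# the built-in NetSecurity module (Get-NetFirewallProfile / Get-NetFirewallSetting).
# Run in an elevated PowerShell session on the device. The mapping of Library Item
# setting names to NetSecurity property names is this example's assumption
# (e.g. "Shielded" is treated as AllowInboundRules = False).

# Per-profile baseline. Domain values come from the "Recommended settings" above;
# applying the same values to Private and Public is an assumption of this example.
$ProfileBaseline = [ordered]@{
    Enabled                 = 'True'
    DefaultInboundAction    = 'Block'   # Default inbound action: Block
    DefaultOutboundAction   = 'Allow'   # Default outbound action: Allow
    AllowLocalFirewallRules = 'True'    # Allow local policy merge: Enabled
    LogBlocked              = 'True'    # Log dropped packets: Enabled
    LogAllowed              = 'True'    # Log success connections: Enabled
}

# Global baseline, matching the documented defaults under "Global Settings".
$GlobalBaseline = [ordered]@{
    EnableStatefulFtp    = 'False'  # Disable stateful FTP transfers
    EnablePacketQueuing  = 'None'   # Enable packet queue: default off
    MaxSAIdleTimeSeconds = '300'    # Security association idle time: default 300
}

function Test-FirewallBaseline {
    [CmdletBinding()]
    param(
        [string[]]$ProfileName = @('Domain', 'Private', 'Public')
    )

    foreach ($p in Get-NetFirewallProfile -Name $ProfileName) {
        foreach ($setting in $ProfileBaseline.Keys) {
            $actual = [string]$p.$setting
            [pscustomobject]@{
                Scope     = $p.Name
                Setting   = $setting
                Expected  = $ProfileBaseline[$setting]
                Actual    = $actual
                Compliant = ($actual -eq $ProfileBaseline[$setting])
            }
        }
        # Shielded: AllowInboundRules = False blocks all inbound traffic regardless
        # of rules. Flag it so it is never left on unintentionally (see Considerations).
        $shielded = ([string]$p.AllowInboundRules -eq 'False')
        [pscustomobject]@{
            Scope     = $p.Name
            Setting   = 'Shielded (AllowInboundRules = False)'
            Expected  = 'False'
            Actual    = [string]$shielded
            Compliant = (-not $shielded)
        }
        # Report the log location and size limit for review; no expected value is
        # enforced because the log path is organization-specific.
        [pscustomobject]@{
            Scope     = $p.Name
            Setting   = 'LogFileName / LogMaxSizeKilobytes'
            Expected  = 'review'
            Actual    = "$($p.LogFileName) / $($p.LogMaxSizeKilobytes) KB"
            Compliant = $true
        }
    }

    $fwSetting = Get-NetFirewallSetting
    foreach ($setting in $GlobalBaseline.Keys) {
        $actual = [string]$fwSetting.$setting
        [pscustomobject]@{
            Scope     = 'Global'
            Setting   = $setting
            Expected  = $GlobalBaseline[$setting]
            Actual    = $actual
            Compliant = ($actual -eq $GlobalBaseline[$setting])
        }
    }
}

# Show only the findings that deviate from the baseline
Test-FirewallBaseline | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Running the full `Test-FirewallBaseline` output (without the `Where-Object` filter) on a pilot device before and after the Library Item is applied gives a quick way to confirm that the profile actually reached the endpoint and that no local policy has been merged over it.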

Considerations

  • Settings marked “Not configured” do not override the local device configuration.
  • When blocking all inbound traffic with Shielded, verify that required management and update services remain accessible.
  • Use logging options to validate firewall behavior before rolling out strict rules fleet-wide.

Best Practices

1. Test configurations: Test firewall configurations on a small group of devices before deploying to your entire fleet.
2. Enable logging: Enable appropriate logging to monitor firewall behavior and troubleshoot issues.
3. Document exceptions: Document any required firewall exceptions for business applications and services.
4. Regular review: Regularly review firewall logs and policies to ensure they remain appropriate for your organization’s needs.

Troubleshooting

Possible causes:
  • Firewall blocking required ports or applications
  • Incorrect profile settings
  • Missing firewall rules
Solutions:
  • Check firewall logs for blocked connections
  • Verify the correct network profile is active
  • Add appropriate firewall rules for the application

Possible causes:
  • Firewall blocking management ports
  • Shielded mode enabled
  • Incorrect profile configuration
Solutions:
  • Ensure management ports are allowed
  • Disable Shielded mode if necessary
  • Verify domain profile settings for managed devices

Possible causes:
  • Logging not enabled
  • Insufficient disk space
  • Incorrect log file path
Solutions:
  • Enable appropriate logging options
  • Check available disk space
  • Verify log file path is accessible
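The Considerations section advises using logging to validate firewall behavior before rolling out strict rules, and the troubleshooting steps above start with checking the firewall log for blocked connections. As an added example (not Kandji/Iru code), the script below parses the W3C-style text log that Windows Firewall writes when "Log dropped packets" is enabled and summarizes dropped inbound traffic by protocol and destination port. The log excerpt embedded in the script is constructed for illustration; on a real device, replace it with `Get-Content` on the path configured as "Log file path" in the Library Item.

```powershell
# Added example (not Kandji/Iru code): summarizes DROP entries in a Windows Firewall
# log (the "#Fields:"-headed text format written when "Log dropped packets" is on)
# so blocked connections can be reviewed before rules are tightened fleet-wide.
# The sample log content below is constructed for illustration.

$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-15 09:12:01 DROP TCP 10.1.2.50 10.1.2.10 52110 3389 52 S 3112345678 0 64240 - - - RECEIVE
2024-01-15 09:12:03 DROP TCP 10.1.2.50 10.1.2.10 52111 3389 52 S 3112345690 0 64240 - - - RECEIVE
2024-01-15 09:12:07 DROP UDP 10.1.2.77 10.1.2.10 137 137 78 - - - - - - - RECEIVE
2024-01-15 09:12:09 ALLOW TCP 10.1.2.10 52.96.0.10 50212 443 0 - 0 0 0 - - - SEND
2024-01-15 09:12:15 DROP ICMP 10.1.2.77 10.1.2.10 - - 60 - - - - 8 0 - RECEIVE
'@

function ConvertFrom-FirewallLog {
    # Turns log lines into objects whose property names come from the #Fields header.
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$Line)
    begin { $fields = $null }
    process {
        foreach ($l in $Line) {
            if ($l -like '#Fields:*') {
                $fields = ($l -replace '^#Fields:\s*', '') -split '\s+'
                continue
            }
            # Skip other header lines, blank lines, and anything before the header
            if ($l -like '#*' -or [string]::IsNullOrWhiteSpace($l) -or -not $fields) { continue }
            $values = $l.Trim() -split '\s+'
            if ($values.Count -ne $fields.Count) { continue }   # malformed line, skip it
            $obj = [ordered]@{}
            for ($i = 0; $i -lt $fields.Count; $i++) { $obj[$fields[$i]] = $values[$i] }
            [pscustomobject]$obj
        }
    }
}

function Get-DroppedInboundSummary {
    # Groups inbound (RECEIVE) drops by protocol and destination port so the ports
    # an application or management service needs stand out before rules are added.
    param([Parameter(Mandatory, ValueFromPipeline)]$Entry)
    begin { $entries = [System.Collections.Generic.List[object]]::new() }
    process { $entries.Add($Entry) }
    end {
        $entries |
            Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'RECEIVE' } |
            Group-Object -Property protocol, 'dst-port' |
            ForEach-Object {
                [pscustomobject]@{
                    Protocol  = $_.Group[0].protocol
                    DstPort   = $_.Group[0].'dst-port'
                    Drops     = $_.Count
                    Sources   = ($_.Group.'src-ip' | Sort-Object -Unique) -join ', '
                    FirstSeen = ($_.Group | ForEach-Object { "$($_.date) $($_.time)" } | Sort-Object)[0]
                }
            } |
            Sort-Object Drops -Descending
    }
}

# Demo run over the constructed sample. For a real device, use instead:
#   Get-Content -Path '<Log file path configured in the Library Item>' | ConvertFrom-FirewallLog | Get-DroppedInboundSummary
$SampleLog -split "`r?`n" | ConvertFrom-FirewallLog | Get-DroppedInboundSummary | Format-Table -AutoSize
```

On the sample input the summary shows TCP/3389 with two drops from one source, then UDP/137 and ICMP with one each; the outbound ALLOW line is excluded because it is neither a drop nor inbound. Reviewing this summary from a pilot group is the practical way to decide which exceptions need documenting before the Library Item is assigned to production Blueprints.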

Security Recommendations

Network Segmentation

Use different firewall profiles to implement network segmentation based on trust levels.

Monitoring

Enable comprehensive logging to monitor network traffic and detect potential security issues.

Regular Updates

Regularly review and update firewall policies to address new threats and business requirements.

Testing

Test firewall configurations in a controlled environment before production deployment.