KB – Windows Firewall Profile

Latest tested version: 20.10

Working with the Windows Firewall profile can be tricky. There is an undocumented behavior you need to know about.

In Windows, you can create multiple firewall rules with the same name.
Unfortunately, Workspace ONE UEM handles the Windows Firewall profile a little differently.
When you create a firewall rule in Workspace ONE, the name is also used for the URI path. This is an issue if two (or more) rules have the same name. Therefore, we need to make sure not to use the same name more than once.

Behind the scenes:

As an example, we created a Windows Firewall profile and added two rules with the same name: one for inbound and one for outbound traffic.

Windows firewall profile with two rules

After that, a look into the profile XML shows that the name was reused in the URI path:

  <Replace>
    <CmdID>fc388928-b76a-4034-9137-6a17ecb68287</CmdID>
    <Item>
      <Target>
        <LocURI>./Vendor/MSFT/Firewall/MdmStore/FirewallRules/Allow%20Ping/Name</LocURI>
      </Target>
      <Meta>
        <Format xmlns="syncml:metinf">chr</Format>
      </Meta>
      <Data>Allow Ping</Data>
    </Item>
  </Replace>

So the name is “Allow Ping”, and the LocURI reuses that name for the rule:
“./Vendor/MSFT/Firewall/MdmStore/FirewallRules/Allow%20Ping/Name”

This profile will generate an error.

Error message in Workspace One Console

The error message in the Windows Event Viewer does not show a specific error.

Windows Event log entry

As you can see, this error is quite generic and does not point to the duplicate URI path as the cause.

In conclusion, make sure that the rule names are unique to avoid this error.
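
One way to check a profile XML for this collision before assigning the profile, as an added example (not code from Workspace ONE or from this article). It assumes the profile XML is available as a fragment shaped like the one shown above; the sample rules, CmdIDs and `Direction` values are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import unquote

PREFIX = "./Vendor/MSFT/Firewall/MdmStore/FirewallRules/"

def duplicate_rule_names(profile_xml):
    """Return {rule name: count} for names that more than one rule writes to."""
    # Assumption: the XML is a run of commands with no XML declaration
    # and no single root element, so wrap it before parsing.
    root = ET.fromstring("<Profile>" + profile_xml + "</Profile>")
    seen = Counter()
    for el in root.iter():
        # Match on the local tag name so a namespaced LocURI is also found.
        if el.tag.rsplit("}", 1)[-1] != "LocURI" or not el.text:
            continue
        uri = el.text.strip()
        if uri.startswith(PREFIX):
            node, _, leaf = uri[len(PREFIX):].partition("/")
            seen[(unquote(node), leaf)] += 1  # "Allow%20Ping" -> "Allow Ping"
    dupes = {}
    for (name, _leaf), count in seen.items():
        if count > 1:  # same setting written twice: two rules share one node
            dupes[name] = max(count, dupes.get(name, 0))
    return dupes

def _replace(cmd_id, node, leaf, data):
    # Constructed command in the same shape as the profile XML shown above.
    return (f"<Replace><CmdID>{cmd_id}</CmdID><Item><Target><LocURI>{PREFIX}"
            f"{node}/{leaf}</LocURI></Target><Meta>"
            f'<Format xmlns="syncml:metinf">chr</Format></Meta>'
            f"<Data>{data}</Data></Item></Replace>")

# Constructed sample: two rules named "Allow Ping" (inbound and outbound) and
# one uniquely named rule. CmdIDs and the "Allow RDP" rule are made up.
SAMPLE = "".join([
    _replace("1", "Allow%20Ping", "Name", "Allow Ping"),
    _replace("2", "Allow%20Ping", "Direction", "IN"),
    _replace("3", "Allow%20Ping", "Name", "Allow Ping"),
    _replace("4", "Allow%20Ping", "Direction", "OUT"),
    _replace("5", "Allow%20RDP", "Name", "Allow RDP"),
    _replace("6", "Allow%20RDP", "Direction", "IN"),
])

if __name__ == "__main__":
    print(duplicate_rule_names(SAMPLE))
```

Any name the function returns should be renamed in the profile so that each rule gets its own URI path.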

For more information about the Windows Firewall CSP see the Microsoft documentation.

Written by

EUC Customer Success Architect at | + posts

Empowering customers in client management since 2012.
Empowering customers in modern management since 2018.
