GlobalProtect(GP) Client detects windows firewall as disabled even when it is enabled.

GlobalProtect(GP) Client detects windows firewall as disabled even when it is enabled.

4973
Created On 02/21/22 08:17 AM - Last Modified 03/11/25 22:37 PM


Symptom


  • When Windows Firewall "Is Enabled Yes" is set as a condition in a HIP object/profile used in a security policy.
  • Traffic stops hitting desired security policy with such HIP Profile/Object as match condition.
  • On a Windows computer, Windows firewall is enabled.
  • However, while collecting HIP reports, GlobalProtect(GP) Client detects the windows firewall as disabled.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • GlobalProtect Gateway
  • GlobalProtect (GP) App
  • HIP enforced policies
     

Cause


  • Windows Firewall has open rule permitting "allow all" or "permit any" or similar.
  • When this is the case, OPSWAT/GP Client will detect it as Windows firewall disabled.

Resolution


  1. Remove the open rules on Windows making it somewhat closed.

Example below shows screenshot of Windows Defender Firewall:

  1. The rules indicate allow all condition with any program and any source/destination match.
  2. Remove this and any such rules.
  3. Resubmit the HIP information from GP App.

SS2.PNG

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NIWCA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language