Where would I change the firewall setting in this setup?

Question

Question: Is it possible to make a Windows Firewall application exception via command line or any other way?

Why

We have a host running Windows 2016 Server with several Hyper-V VM's also running Windows 2016 Server. One is a DHCP server and one hosts the SQL DB. Windows Active Directory has also been setup on our network.

We have 3rd party developed software that works with an SQL database. On the actual VMs it works perfectly, but on any other client computer on the network we cannot get it to communicate with the VM unless temporarily disabling ALL Windows Firewalls.

We are having issues with Windows Firewall causing some things to not be able to connect, and need to add exceptions to the firewall, but I am not sure where to do it.

Additionally, knowing this will help with another client issue for a VOIP SNOM PA1 system to work. After talking to vendor support and sending them log files, they believe it's also a Windows Firewall restriction causing this issue.

Answer 1

Allow executable thru Windows Firewall with Command Line

Setup a Windows Firewall rule with NETSH commands and "allow" a specific application executable inbound and/or outbound on any profile from an elevated command prompt run as administrator with the below syntax or something similar. Then run this as a startup script once or on every startup for workstations/servers.

I assume you will only need the inbound rule applied and will point it to the full path of the executable file you need to allow inbound connections to be accepted from but I've shown an example outbound rule too in case.

Allow App Inbound

netsh advfirewall firewall add rule name="3rd Party Exe Out" dir=in action=allow program="C:\Program Files\CoolCo\Cool3P.exe" enable=yes profile=domain,private,public

Allow App Outbound

netsh advfirewall firewall add rule name="3rd Party Exe Out" dir=out action=allow program="C:\Program Files\CoolCo\Cool3P.exe" enable=yes profile=domain,private,public

---

Supporting Resources

• NETSH

Answer 2

Allow Apps thru Windows Firewall with Advanced Security

You could also go to wf.msc and then add a rule to tell the Windows Firewall to allow a specific app inbound and/or outbound on all profiles.

Instructions

1. Press +R, type in wf.msc and then press Enter.

2. Click on Inbound Rules and then click on New Rule... to the right

   

3. In the Rule Type options window check the Program option and then press Next

   

4. In the Program options window in the This program path field either browse find or specify the full explicit path of the exe of the apps file which you want to allow through the Windows Firewall and then press Next

   

5. In the Actions options window ensure the Allow this connection option is selected and then press Next

   

6. In the Profile options window ensure that all three options of Domain, Public, and Private are selected and then press Next

   

7. In the Name field type in a name for the new rule and then press Finish

   

8. You should now see the new rule you just created. You could then click on the Outbound Rules option and follow the same steps 1 - 8 as listed above for the app you need to allow outbound connections.

   

Just follow these steps for allowing all the incoming and outgoing app rules you need and scale accordingly to prevent Windows Firewall from prompting after each reboot.