# Solved: Use Group Policy to open a port through Windows Firewall on a domain with SBS 2008



## captainpie (Apr 15, 2008)

Hi all,

Does anyone know how to use Group Policy on SBS 2008 to open a port in Windows Firewall for all client machines?

I have found: CC > Policies > Administrative Templates > Network Connections > Windows Firewall > Domain Profile

There are "Windows Firewall: Allow local port exceptions" and "Windows Firewall: Allow local program exceptions", both of which I have set to Enabled, but I can't find anywhere to specify the ports to open.


----------



## Rockn (Jul 29, 2001)

Is there already a gateway firewall device? Why use the one in Windows if there is? You have to define them and add them as colon-separated values:

<port>:<transport>:<scope>:<status>:<name>
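As an added example (not code from the thread), the following PowerShell builds an entry in the `<port>:<transport>:<scope>:<status>:<name>` format described above, rejects values the policy would not accept, and writes it into a GPO at the registry location that the "Windows Firewall: Define port exceptions" setting (the "Define inbound port exceptions" setting on Vista and later templates) stores its entries in. The "Allow local port exceptions" setting only permits local administrators to add their own exceptions; the "Define port exceptions" setting is the one that pushes a port to every client. The port number (5060), the GPO name ("Client Firewall") and the rule name ("PhoneSystem") are assumptions for illustration. It needs the GroupPolicy module (RSAT or a domain controller).

```powershell
# Added example, not from the original thread. Builds and validates a legacy Windows Firewall
# "Define port exceptions" entry (<port>:<transport>:<scope>:<status>:<name>) and writes it
# into a GPO with the GroupPolicy module. Port, GPO name and rule name below are assumptions.

function New-FirewallPortException {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [Parameter(Mandatory)][ValidateSet('TCP', 'UDP')][string]$Transport,
        # '*' = any remote address; 'LocalSubnet' = same subnet only;
        # or a comma-separated list of IPv4 addresses / CIDR ranges.
        [string]$Scope = 'LocalSubnet',
        [ValidateSet('enabled', 'disabled')][string]$Status = 'enabled',
        [Parameter(Mandatory)][string]$Name
    )
    # ':' is the field separator, so it cannot appear in the free-text name.
    if ($Name -match ':') { throw "Rule name must not contain ':'." }
    if ($Scope -ne '*' -and $Scope -ne 'LocalSubnet') {
        foreach ($entry in ($Scope -split ',')) {
            if ($entry -notmatch '^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$') {
                throw "Scope entry '$entry' is not an IPv4 address or CIDR range."
            }
        }
    }
    return '{0}:{1}:{2}:{3}:{4}' -f $Port, $Transport, $Scope, $Status, $Name
}

function Set-GpoFirewallPortException {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GpoName,
        [Parameter(Mandatory)][string]$Exception,
        [ValidateSet('DomainProfile', 'StandardProfile')][string]$Profile = 'DomainProfile'
    )
    # Registry location the "Define port exceptions" policy writes to; each exception is
    # a REG_SZ whose value name and data are both the exception string.
    $key = "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\$Profile\GloballyOpenPorts\List"
    if ($PSCmdlet.ShouldProcess($GpoName, "Add firewall exception '$Exception'")) {
        Import-Module GroupPolicy
        Set-GPRegistryValue -Name $GpoName -Key $key -ValueName $Exception -Type String -Value $Exception
    }
}

# Usage with assumed values: phone-system client traffic on TCP 5060, reachable from the LAN only.
$rule = New-FirewallPortException -Port 5060 -Transport TCP -Scope LocalSubnet -Name 'PhoneSystem'
$rule   # 5060:TCP:LocalSubnet:enabled:PhoneSystem
Set-GpoFirewallPortException -GpoName 'Client Firewall' -Exception $rule -WhatIf
```

Drop `-WhatIf` to actually write the value. Keeping the scope at `LocalSubnet` rather than `*` is the point of running the Windows Firewall at all in this setup: the port is only reachable from the same subnet, not from anything that gets through the gateway. To confirm the policy landed on a client, run `gpupdate /force` and check that the same value appears under `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List` there.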


----------



## captainpie (Apr 15, 2008)

Hi Rockn!

The only firewall they are using is the Windows built-in one. There is a firewall on the gateway, but I need to open ports just for internal use. (They have a new phone system going in, and the tech from those guys asked for this port to be opened.)


----------



## Rockn (Jul 29, 2001)

But why even run a Windows Firewall if there is already a gateway firewall? You are just adding complexity and not really adding any extra security. Unless, of course, it is company policy to run the Windows Firewall.


----------



## captainpie (Apr 15, 2008)

The Windows Firewall is only there to stop maliciousness inside the company network; the other firewall only affects traffic in and out of the gateway. The company was asked and decided not to spring for any extra security other than AVG AV and the Windows Firewall for internal use.


----------



## Rockn (Jul 29, 2001)

Well, the way I explained it is the way it is done via Group Policy.


----------



## captainpie (Apr 15, 2008)

Are they defined where I say "Enable", "Disable" or "Not Configured" in Group Policy?


----------



## Rockn (Jul 29, 2001)

You enable or disable the policy item and add the ports inside of that item. There is a button right there once you enable the setting.


----------



## Rockn (Jul 29, 2001)

I am sure the phone tech was stating that the port should be opened on the gateway firewall and not on the client.


----------



## captainpie (Apr 15, 2008)

No, the phone tech chappie was having a problem getting the internal software talking. This software is just running over the internal LAN. He only got it working when he disabled the Windows Firewall on the client.


----------

