Windows 防火墙 GPO 优先级

Question

A recent issue prompted me to question how Windows Firewall applies it's rules when created Locally, and by GPO. I have Windows Server 2012 R2 in which many local firewall rules were created (Via Advanced Firewall, not Local Policy). At the same time, I had a few GPOs that would add one-off rules to the system. So we have two at play: Local rules created manually (the bulk of the rules) and a few domain-wide rules applied at the OU level.

Today (a few months later) I logged in and notice all of the manually created rules are gone, leaving only GPO rules remaining. It's almost like either a Windows Update erased the rules and re-added the generic rules, or perhaps I am misunderstanding how GPOs apply firewall rules. I logged into another server which had similar rule structure, and it too had it's local firewall rules removed. I happen to know they all did stick for a good few weeks- and I'm not exactly sure at what point they reverted.

My question is, do I need to pick either local firewall rules created manually (or via Local Policy) or go all out with GPO? Is a combination of the two not supported? Otherwise, what may have reverted all my rules?

Answer 1

It depends on the "Rule merging" settings. If rule merging is "Not configured" or "Yes (default)" the Windows firewall will contain both local admin rules and GPO rules.

You can see the "Rule merging" settings in wf.msc Open wf.msc Right click on "Windows Defender Firewall with Advanced Security" Then properties Finally, under settings click "Customize"