Checklist: Implementing a Basic Firewall Policy Design
Updated: October 11, 2012
Applies To: Windows Server 2012
This parent checklist includes cross-reference links to important concepts about the basic firewall policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
The procedures in this section use the Group Policy MMC snap-in interfaces to configure the GPOs, but you can also use Windows PowerShell. For more information, see Windows Firewall with Advanced Security Administration with Windows PowerShell at http://technet.microsoft.com/library/hh831755.aspx.
Checklist: Implementing a basic firewall policy design
Review important concepts and examples for the basic firewall policy design to determine if this design meets the needs of your organization.
Create the membership group and a GPO for each set of computers that require different firewall rules. Where GPOs will be similar, such as for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy.
If you are working on a GPO that was copied from another, modify the group membership and WMI filters so that they are correct for the computers for which this GPO is intended.
Configure the GPO with firewall default settings appropriate for your design.
Create one or more inbound firewall rules to allow unsolicited inbound network traffic.
Create one or more outbound firewall rules to block unwanted outbound network traffic.
Link the GPO to the domain level of the Active Directory organizational unit hierarchy.
Add test computers to the membership group, and then confirm that the computers receive the firewall rules from the GPOs as expected.
According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy the completed firewall policy settings to your computers.