| Name |
Description |
|---|
| Core Networking - Destination Unreachable (ICMPv6-In) |
Destination Unreachable error messages are sent from any node that a packet traverses which is unable to forward the packet for any reason except congestion. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 1:code any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In) |
Destination Unreachable Fragmentation Needed error messages are sent from any node that a packet traverses which is unable to forward the packet because fragmentation was needed and the don’t fragment bit was set. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 1 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 3:code 4 |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Dynamic Host Configuration Protocol (DHCP-In) |
Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration. |
|
Enabled | True |
| Program | %SystemRoot%\system32\svchost.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 17 |
| Local port | 68 |
| Remote port | 67 |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | dhcp |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Internet Group Management Protocol (IGMP-In) |
IGMP messages are sent and received by nodes to create, join and depart multicast groups. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 2 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - IPv6 (IPv6-In) |
Inbound rule required to permit IPv6 traffic for ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) and 6to4 tunneling services. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 41 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Multicast Listener Done (ICMPv6-In) |
Multicast Listener Done messages inform local routers that there are no longer any members remaining for a specific multicast address on the subnet. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 132:code any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Multicast Listener Query (ICMPv6-In) |
An IPv6 multicast-capable router uses the Multicast Listener Query message to query a link for multicast group membership. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 130:code any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Multicast Listener Report (ICMPv6-In) |
The Multicast Listener Report message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 131:code any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Multicast Listener Report v2 (ICMPv6-In) |
Multicast Listener Report v2 message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 143:code any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Neighbor Discovery Advertisement (ICMPv6-In) |
Neighbor Discovery Advertisement messages are sent by nodes to notify other nodes of link-layer address changes or in response to a Neighbor Discovery Solicitation request. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 136:code any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Neighbor Discovery Solicitation (ICMPv6-In) |
Neighbor Discovery Solicitations are sent by nodes to discover the link-layer address of another on-link IPv6 node. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 135:code any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Packet Too Big (ICMPv6-In) |
Packet Too Big error messages are sent from any node that a packet traverses which is unable to forward the packet because the packet is too large for the next link. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 2:code any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Parameter Problem (ICMPv6-In) |
Parameter Problem error messages are sent by nodes as a result of incorrectly generated packets. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 4:code any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Router Advertisement (ICMPv6-In) |
Router Advertisements are sent to by routers to other nodes for stateless auto-configuration. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 134:code any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Teredo (UDP-In) |
Inbound UDP rule to allow Teredo edge traversal, a technology that provides address assignment and automatic tunneling for unicast IPv6 traffic when an IPv6/IPv4 host is located behind an IPv4 network address translator. |
|
Enabled | True |
| Program | %SystemRoot%\system32\svchost.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 17 |
| Local port | Teredo |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | iphlpsvc |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| Core Networking - Time Exceeded (ICMPv6-In) |
Time Exceeded error messages are generated from any node that a packet traverses if the Hop Limit value is decremented to zero at any point on the path. |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 3:code any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Core Networking |
|
| File and Printer Sharing (Echo Request - ICMPv4-In) |
Echo Request messages are sent as ping requests to other nodes. |
|
Enabled | True |
| Program | Any |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 1 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 8:code any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | File and Printer Sharing |
|
| File and Printer Sharing (Echo Request - ICMPv6-In) |
Echo Request messages are sent as ping requests to other nodes. |
|
Enabled | True |
| Program | Any |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 58 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | type 128:code any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | File and Printer Sharing |
|
| File and Printer Sharing (NB-Datagram-In) |
Inbound rule for File and Printer Sharing to allow NetBIOS Datagram transmission and reception. [UDP 138] |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 17 |
| Local port | 138 |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | File and Printer Sharing |
|
| File and Printer Sharing (NB-Name-In) |
Inbound rule for File and Printer Sharing to allow NetBIOS Name Resolution. [UDP 137] |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 17 |
| Local port | 137 |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | File and Printer Sharing |
|
| File and Printer Sharing (NB-Session-In) |
Inbound rule for File and Printer Sharing to allow NetBIOS Session Service connections. [TCP 139] |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | 139 |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | File and Printer Sharing |
|
| File and Printer Sharing (SMB-In) |
Inbound rule for File and Printer Sharing to allow Server Message Block transmission and reception via Named Pipes. [TCP 445] |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | 445 |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | File and Printer Sharing |
|
| File and Printer Sharing (Spooler Service - RPC) |
Inbound rule for File and Printer Sharing to allow the Print Spooler Service to communicate via TCP/RPC. |
|
Enabled | True |
| Program | %SystemRoot%\system32\spoolsv.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | Dynamic RPC |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | Spooler |
| Allow edge traversal |
False |
| Group | File and Printer Sharing |
|
| File and Printer Sharing (Spooler Service - RPC-EPMAP) |
Inbound rule for the RPCSS service to allow RPC/TCP traffic for the Spooler Service. |
|
Enabled | True |
| Program | Any |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | RPC endpoint mapping |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | Rpcss |
| Allow edge traversal |
False |
| Group | File and Printer Sharing |
|
| Remote Assistance (DCOM-In) |
Inbound rule for Remote Assistance to allow offers for assistance via DCOM. [TCP 135] |
|
Enabled | True |
| Program | %SystemRoot%\system32\svchost.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | RPC endpoint mapping |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | rpcss |
| Allow edge traversal |
False |
| Group | Remote Assistance |
|
| Remote Assistance (UPnP-In) |
Inbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP 2869] |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | 2869 |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Remote Assistance |
|
| Remote Assistance (SSDP-In) |
Inbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900] |
|
Enabled | True |
| Program | %SystemRoot%\system32\svchost.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 17 |
| Local port | 1900 |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Local subnet |
| Profile | Domain |
| Network interface type |
All |
| Service | Ssdpsrv |
| Allow edge traversal |
False |
| Group | Remote Assistance |
|
| Remote Assistance (TCP-In) |
Inbound rule for Remote Assistance traffic. [TCP] |
|
Enabled | True |
| Program | %SystemRoot%\system32\msra.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Remote Assistance |
|
| Remote Assistance (RA Server TCP-In) |
Inbound rule for Remote Assistance to allow offers for assistance. [TCP] |
|
Enabled | True |
| Program | %SystemRoot%\system32\raserver.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Remote Assistance |
|
| Remote Desktop (TCP-In) |
Inbound rule for the Remote Desktop service to allow RDP traffic. [TCP 3389] |
|
Enabled | True |
| Program | System |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | 3389 |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Remote Desktop |
|
| Windows Management Instrumentation (ASync-In) |
Inbound rule to allow Asynchronous WMI traffic for remote Windows Management Instrumentation. [TCP] |
|
Enabled | True |
| Program | %systemroot%\system32\wbem\unsecapp.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | All programs and services |
| Allow edge traversal |
False |
| Group | Windows Management Instrumentation (WMI) |
|
| Windows Management Instrumentation (DCOM-In) |
Inbound rule to allow DCOM traffic for remote Windows Management Instrumentation. [TCP 135] |
|
Enabled | True |
| Program | %SystemRoot%\system32\svchost.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | 135 |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | rpcss |
| Allow edge traversal |
False |
| Group | Windows Management Instrumentation (WMI) |
|
| Windows Management Instrumentation (WMI-In) |
Inbound rule to allow WMI traffic for remote Windows Management Instrumentation. [TCP] |
|
Enabled | True |
| Program | %SystemRoot%\system32\svchost.exe |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | |
| Authorized users | |
| Protocol | 6 |
| Local port | Any |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | Any |
| Profile | Domain |
| Network interface type |
All |
| Service | winmgmt |
| Allow edge traversal |
False |
| Group | Windows Management Instrumentation (WMI) |
|