Windows Defender Firewall with Advanced Security local connection rules must not be merged with Group Policy settings when connected to a public network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-242005 | WNFWA-000025 | SV-242005r922960_rule | CCI-001190 | medium |
| Description | ||||
| A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Local connection rules will not be merged with Group Policy settings on a public network to prevent Group Policy settings from being changed. | ||||
| STIG | Date | |||
| Microsoft Windows Defender Firewall with Advanced Security Security Technical Implementation Guide | 2023-08-23 | |||
Details
Check Text (C-242005r922960_chk)
If the system is not a member of a domain, this is NA.
If the firewall's Public Profile is not enabled (see V-17417), this requirement is also a finding.
Verify the registry value below.
If this registry value does not exist or is not configured as specified, this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\
Value Name: AllowLocalIPsecPolicyMerge
Type: REG_DWORD
Value: 0x00000000 (0)
Fix Text (F-45239r922959_fix)
If the system is not a member of a domain, this is NA.
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Windows Defender Firewall with Advanced Security >> Windows Defender Firewall with Advanced Security >> Windows Defender Firewall Properties (this link will be in the right pane) >> Public Profile tab >> Settings (select Customize) >> Rule merging, "Apply local connection security rules:" to "No".