Skip to content

Server Windows Firewall Policy

You can apply a Windows Firewall policy to servers.

You can apply a Windows Firewall policy to individual devices (computers or servers) or to groups of devices.

Warning

Other firewalls or your Windows Group Policy settings may affect how the policy is applied on individual computers and servers.

We advise that you test any firewall rules you create (locally or via Group Policy) to make sure that communication with Sophos is allowed.

If you set up and turn on a policy, we stop you editing the settings for Windows Firewall in the Windows Security Center.

If you turn off tamper protection, you can edit the settings for Windows Firewall in the Windows Security Center. You need administration rights to make changes.

Go to Server Protection > Policies to manage Windows Firewall on your servers.

To set up a policy, do as follows:

  • Create a Windows Firewall policy. See Create or Edit a Policy.
  • Open the policy's Settings tab and configure it as described below. Make sure the policy is turned on.

Monitor Type

In Monitor Type, select the level of monitoring you want:

  • Monitor Only. Devices will report their firewall status to Sophos Central. This is the default option.
  • Monitor & Configure Network Profiles. Devices will report their firewall status to Sophos Central. You can also choose whether to block or allow inbound connections on Domain Networks, Private Networks, and Public Networks.

    Choose from:

    • Block All
    • Block (with exceptions). You must set up the exceptions locally on the computer or server. If you don't set up exceptions all inbound connections are blocked.
    • Allow All