In this article we'll walk you through the process of enabling logging to help troubleshoot connection issues related to the Windows Firewall
We may find this info on a target by logging the dropped packets while replicating the steps in PDQ Deploy or Inventory that we are receiving the error or connection problems.
Enable Manually
To manually enable logging dropped packets on a failing target:
1. Launch the Windows Firewall Console on the Target Computer.
2. Select the Windows Defender Firewall tab and click Properties in the Actions menu.
3. Inside the Properties tab, select the Customize button under Logging.
4. Select Yes in the Log Dropped Packets dropdown menu.
5. Press OK to close the Logging Settings menu and again to close the Windows Defender Firewall Properties.
Enable with PowerShell
Set-NetFirewallProfile -Profile Domain -LogBlocked True
Accessing the logs
Once logging is enabled, verify you are able to read the log file. If not, open the Log Files Security tab and enable Read permissions for your account.
You can find the logs at the following path:C:\Windows\System32\LogFiles\Firewall
By default, the log is named pfirewall.log
After verifying the log can be opened and read, attempt to replicate the error received. You may need to close and reopen the file after each test to see updates.
If you do not see any dropped packets while logging the Domain Firewall, go back and turn off logging in the Domain Firewall and perform the steps to log the Private and Public firewall (one at a time).