Firewall Settings

This article describes firewalls, their use within the USGS environment, and the related policies and GPOs.

Firewalls provide a barrier between your computer and the network to prevent unwanted traffic. The use of hardware firewalls to protect an office from unwanted traffic is considered essential, but current best practice also suggests the addition of a client-based firewall on all systems. While the hardware firewall does protect systems against traffic that flows across the WAN, the client-based firewall offers an additional layer of protection against traffic that may have entered the internal network through other means. If, for example, a virus were introduced into an office through a laptop system or other removable media, it would be active behind the hardware firewall and able to move from client to client. While there are third-party options available for client firewall protection, the internal Windows firewall allows for granular control and GPO management.

DISA requirements state that all computers must have a client firewall enabled. See the links below to learn more about the firewall requirements and how to manage the firewall using group policy in your environment.

Firewalld for RHEL 7

Firewalld for Ubuntu

MacOS Firewall and Sharing

Windows Server 2016 STIG Firewall Settings

Ready-to-link Firewall Customization GPOs

About the Windows Firewall – FAQs

Creating a Custom Firewall GPO

To read even more about the Windows firewall, see the following Microsoft resource:

http://technet.microsoft.com/en-us/library/cc732283(WS.10).aspx
