The following DSC statements duplicate existing Windows Firewall Rules instead of just updating the same rules which already exist. I would prefer it update instead of duplicate. Thanks
xFirewall EnableV4PingIn
{
    Name = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
    Group = 'File and Printer Sharing'
    Protocol = 'ICMPv4'
    Ensure = 'Present'
    Enabled = 'True'
    Direction = 'Inbound'
    PsDscRunAsCredential = $DomainAdminCredential
}
xFirewall EnableV4PingOut
{
    Name = 'File and Printer Sharing (Echo Request - ICMPv4-Out)'
    Group = 'File and Printer Sharing'
    Protocol = 'ICMPv4'
    Ensure = 'Present'
    Enabled = 'True'
    Direction = 'Outbound'
    PsDscRunAsCredential = $DomainAdminCredential
}
xFirewall EnableV6PingIn
{
    Name = 'File and Printer Sharing (Echo Request - ICMPv6-In)'
    Group = 'File and Printer Sharing'
    Protocol = 'ICMPv6'
    Ensure = 'Present'
    Enabled = 'True'
    Direction = 'Inbound'
    PsDscRunAsCredential = $DomainAdminCredential
}
xFirewall EnableV6PingOut
{
    Name = 'File and Printer Sharing (Echo Request - ICMPv6-Out)'
    Group = 'File and Printer Sharing'
    Protocol = 'ICMPv6'
    Ensure = 'Present'
    Enabled = 'True'
    Direction = 'Outbound'
    PsDscRunAsCredential = $DomainAdminCredential
}
I figured it out :)
It turns out that the "Name" in xFirewall does not map to the "Name" shown in the GUI for the Windows Firewall.
You can run the following command to see the available rules (and their real "names"):
Get-NetFirewallRule | ft
So, your configuration above can be simplified to the following (for v4):
xFirewall EnableV4PingIn
{
    Name = "FPS-ICMP4-ERQ-In"
    Enabled = "True"
}
xFirewall EnableV4PingOut
{
    Name = "FPS-ICMP4-ERQ-Out"
    Enabled = "True"
}
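
As an added example (not part of either post above): a PowerShell check that finds rules whose internal Name is a GUI label already shown by another rule, which is the duplication described in the question, and reports the internal Name to use in xFirewall instead. The function name and the sample objects are constructed for illustration; the third sample rule assumes the duplicate carries the GUI label as both its Name and its DisplayName.

```powershell
# Added example, not code from the original posts.
# Accepts any objects with Name, DisplayName and Direction properties,
# such as the output of Get-NetFirewallRule.
function Find-DuplicatedFirewallRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Rule
    )
    begin   { $rules = [System.Collections.Generic.List[psobject]]::new() }
    process { $rules.Add($Rule) }
    end {
        foreach ($candidate in $rules) {
            # Rules that display the candidate's Name as their GUI label
            # but are stored under a different internal Name.
            $originals = @($rules | Where-Object {
                $_.DisplayName -eq $candidate.Name -and $_.Name -ne $candidate.Name
            })
            if ($originals.Count -gt 0) {
                [pscustomobject]@{
                    DuplicateRuleName = $candidate.Name
                    Direction         = $candidate.Direction
                    NameToUseInDsc    = ($originals.Name -join ', ')
                }
            }
        }
    }
}

# Constructed sample: two built-in rules plus one duplicate created under the GUI label.
$label = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
$sample = @(
    [pscustomobject]@{ Name = 'FPS-ICMP4-ERQ-In'; DisplayName = $label; Direction = 'Inbound' }
    [pscustomobject]@{ Name = 'FPS-ICMP4-ERQ-Out'; Direction = 'Outbound'
                       DisplayName = 'File and Printer Sharing (Echo Request - ICMPv4-Out)' }
    # Assumed shape of the duplicate: the GUI label used as the rule's Name.
    [pscustomobject]@{ Name = $label; DisplayName = $label; Direction = 'Inbound' }
)

$sample | Find-DuplicatedFirewallRule | Format-List

# On a Windows host, run it against the live rule set instead:
#   Get-NetFirewallRule | Find-DuplicatedFirewallRule
```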