Windows Firewall enabled


Hello,

Is it possible to know if Windows Firewall is enabled on Windows Server devices? I can't find this kind of sensor.

Thanks, regards.

enabled firewall windows

Created on Dec 9, 2020 6:56:16 AM by  Roberto Bonilla (0) 1




7 Replies


Hello Roberto,

Thank you for your message.

Indeed, to monitor the Windows Firewall service on your servers, you can use the following sensors:

- WMI Service

- SNMP Windows service

If you have further questions, let us know.

Kind regards.

Created on Dec 9, 2020 8:13:17 AM by  Florian Lesage [Paessler Support]

Last change on Dec 9, 2020 8:13:34 AM by  Florian Lesage [Paessler Support]




Hello,

thanks for your quick reply.

After checking, the firewall service is always running, but you can enable or disable the firewall without affecting the firewall service.

My exact question is how to check if the firewall is enabled for the three environments: domain, private and public.

Thanks in advance, regards.

Created on Dec 9, 2020 10:19:47 AM by  Roberto Bonilla (0) 1



Accepted Answer


Thank you for the clarification.

I'm afraid that there are no native sensors to monitor that information; however, you have the possibility to use the custom sensors as explained below:

The information is available via the WMI protocol and therefore, you have the possibility to use the sensor above to execute a custom WQL file to get the information you want. The class which provides the firewall profiles status is MSFT_NetFirewallProfile, located in the following namespace: root/StandardCimv2.

To use the WMI Custom sensor, please follow the steps below:

  1. Create a new WQL file (Windows Firewall Status.wql for example) on the PRTG server.
  2. Copy the following query into it and save the file:

     SELECT Enabled FROM MSFT_NetFirewallProfile WHERE Name = '<#PH1>'

  3. Move that file to "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\WMI WQL scripts".
  4. Add a new WMI Custom sensor.
  5. Configure the settings as follows:
     - Namespace: root/StandardCimv2
     - WQL File: Select the file you created
     - Placeholder <#PH1>: Write the firewall profile you want to monitor (Public, Private or Domain)
  6. Save the configuration.

Then, you should get 0 or 1 depending on the status of the firewall profile (enabled or not). To make the information more meaningful, you can configure the lookup to prtg.standardlookups.boolean.statetrueok in the channel settings, or create your own lookup (Custom lookups).

The WMI Custom sensor only allows you to get the status of one profile. To get a channel for each of them (Public, Private, Domain), I invite you to write a small PowerShell script which would use the cmdlet Get-NetFirewallProfile.

To return the information in PRTG, please have a look at the following manual: https://www.paessler.com/manuals/prtg/custom_sensors#advanced_sensors

If you have questions, let us know.

Regards.

Created on Dec 9, 2020 12:37:17 PM by  Florian Lesage [Paessler Support]

Last change on Dec 9, 2020 1:48:11 PM by  Florian Lesage [Paessler Support]




Hello,

Thank you so much! It works perfectly and is so easy following your procedure.

Kind regards.

Created on Dec 9, 2020 1:03:47 PM by  Roberto Bonilla (0) 1




Hello again,

Is it possible to combine the three sensors into only one? In the configuration settings of the WMI Custom sensor there exist three variables: <#PH1>, <#PH2> and <#PH3>. Each one could be: Private, Public and Domain.

Do you know the correct syntax for the query?

SELECT Enabled FROM MSFT_NetFirewallProfile WHERE Name = '<#PH1>' , '<#PH2>' , '<#PH3>'

thanks in advance, regards.

Created on Dec 9, 2020 8:04:47 PM by  Roberto Bonilla (0) 1




Hello Roberto,

I'm afraid that it's not possible to return many values with the WMI Custom sensor. Therefore, to get the status of all firewall profiles, you have to use the EXE/Script Advanced sensor with a custom PowerShell script. Please have a look at my previous post regarding this matter.

Regards.

Created on Dec 10, 2020 8:22:14 AM by  Florian Lesage [Paessler Support]
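
Added example, not part of the original thread and not Paessler's own code: one way to write the PowerShell script that the accepted answer and the reply above both point to, returning one channel per firewall profile in the XML format of the EXE/Script Advanced sensor. It assumes the monitored host name is passed as the script's first parameter and that the account running the sensor may query that host; the parameter name `ComputerName` is chosen here for illustration.

```powershell
# Added example (not from the thread): PRTG EXE/Script Advanced sensor script
# that reports one channel per Windows Firewall profile.
param(
    # Assumption: the monitored host name is passed in the sensor's Parameters field.
    [string]$ComputerName = 'localhost'
)

try {
    # ActiveStore is the effective policy (local settings plus Group Policy),
    # i.e. what is actually enforced on the host.
    $query = @{ PolicyStore = 'ActiveStore'; ErrorAction = 'Stop' }
    if ($ComputerName -notin 'localhost', '.', $env:COMPUTERNAME) {
        $query.CimSession = $ComputerName   # query the remote host
    }
    $profiles = Get-NetFirewallProfile @query

    $xml = New-Object System.Text.StringBuilder
    [void]$xml.AppendLine('<prtg>')
    foreach ($name in 'Domain', 'Private', 'Public') {
        $p = $profiles | Where-Object { $_.Name -eq $name }
        if (-not $p) { throw "Firewall profile '$name' was not returned by $ComputerName" }
        # Enabled is True, False or NotConfigured; only True counts as enabled.
        $value = if ("$($p.Enabled)" -eq 'True') { 1 } else { 0 }
        [void]$xml.AppendLine('  <result>')
        [void]$xml.AppendLine("    <channel>$name</channel>")
        [void]$xml.AppendLine("    <value>$value</value>")
        # Same lookup the answer suggests for the single-profile WMI sensor.
        [void]$xml.AppendLine('    <ValueLookup>prtg.standardlookups.boolean.statetrueok</ValueLookup>')
        [void]$xml.AppendLine('  </result>')
    }
    [void]$xml.AppendLine('</prtg>')
    Write-Output $xml.ToString()
}
catch {
    # A failed query must not look like "firewall disabled": report a sensor error.
    $msg = [System.Security.SecurityElement]::Escape($_.Exception.Message)
    Write-Output "<prtg><error>1</error><text>$msg</text></prtg>"
}
```

Because a query failure is returned as a sensor error rather than as 0, an unreachable host is not mistaken for a host whose firewall profile is switched off.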




Hello,

thanks for your help and support.

Regards.

Created on Dec 10, 2020 12:31:49 PM by  Roberto Bonilla (0) 1


