Invoke-IcingaCheckFirewall not reporting correct state

[Gehaktdag]

It seems the Invoke-IcingaCheckFirewall is not reporting the right status.

Changed firewall status to off, configured with GPO;

Verify the firewall is indeed not working and off

Firewall status is fine according to the Icinga check.

Only when the firewall status is disabled through Set-NetFirewallProfile is seems to detect the correct status.

[LordHepipud]

Thank you for the report. This will require some research. I just tested this by disabling the firewall over the UI for the domain profile.

icinga -DeveloperMode { Invoke-IcingaCheckFirewall -FirewallProfile Public, Domain, Private -Verbosity 3 -Enabled }
[CRITICAL] Firewall profiles [CRITICAL] Firewall Profile Domain (Disabled) (All must be [OK])
\_ [CRITICAL] Firewall Profile Domain: Disabled is not matching threshold Enabled
\_ [OK] Firewall Profile Private: Enabled
\_ [OK] Firewall Profile Public: Enabled
| 'firewall_profile_domain'=0;;1 'firewall_profile_private'=1;;1 'firewall_profile_public'=1;;1

I'm not sure on how GPO settings will affect this result and will require to setup a test-case for this.

[Gehaktdag]

If you turn off the firewall within the GUI it does show the correct state

If i set the state to enabled again and use these GPO settings the firewall is OFF like tested above it shows the wrong state at the Invoke command.

For my business case its not really a problem anymore since we dont disable firewalls through the GPO and i want to monitor if local admins wont disable it. If they do it i assume they disable it through out the GUI and not create a local GPO to do this.

[Aleksey-Maksimov]

Hello.

We confirm the problem is with the Invoke-IcingaCheckFirewall plugin. If the Windows Firewall profile is disabled not manually, but through group policy, then the plugin incorrectly determines its status.