How to Monitor Windows Firewall

Windows Firewall can be monitored via a COM object or the netsh command. This example will use the Execute Script monitor to run a netsh command line and parse the results to ensure all firewall profiles are on.

Create an Execute Script monitor. Set the language to VBScript and paste the following into the code window.

Dim WshShell, oExec
Set WshShell = CreateObject("WScript.Shell")
Set oExec = WshShell.Exec("c:\windows\system32\netsh -r " 
+ ComputerName + " advfirewall monitor show firewall")

strOut = ""

 Do While Not oExec.StdOut.AtEndOfStream
  strOut = strOut & oExec.StdOut.ReadLine()
  strOut = strOut & vbNewLine
 Loop

listLines = Split(strOut, vbNewline)

For Each line In listLines
	If InStr(line, "State ") > 0 Then
	   If InStr(line, "ON") = 0 Then
		   FireActions = true
		   Details = Details & "A Firewall Profile is OFF - " & line & vbNewLine
	   End If
	End If
Next

In the VBScript above, the netsh is run with commands to show the current status of the firewall on the remote server specified with the -r command. Note that the firewall rule "Windows Firewall Remote Management" has to be enabled for this to work.

Each line is parsed looking for a the text "State ". The space at the end is to prevent lines like "StatefulFTP" from being included. If "State " is seen, then the script checks for the word "ON".

This script might need to be customized for non-English systems.

This monitor could be used as a Monitor Template and applied to many servers at once for a quick check of your Windows servers.