You're recieving this prompt because there isn't an explicit rule relating to the application. The default firewall policy allows outbound connections not matching any rule so most of the time this relates to the application accepting inbound connections, which are blocked by default, and thus require a specific firewall rule to exist before they are allowed through the firewall.
Windows Firewall sees your builds as separate programs because they are different executables with different paths.
There are a number of possible ways to address this issue:
Have Each Build Set a Rule
You could create a firewall rule, either as part of the application's code, or as a post-build step executed by your CI tool.
If you don't want to add specific code to your executable (or setup process) to setup a rule, you could have your CI tool execute a PowerShell script similar to the one below
This script removes any existing test build firewall rules and adds a rule allowing inbound connections for the current build:
Param ( [Parameter(Mandatory=$true)] [string] $BuildPath ) function Add-TestBuildFirewallRule { Param ( [Parameter(Mandatory=$true)] [string] $BuildPath ) $existingRule = Get-NetFirewallRule -Name YourApp-LatestTestBuild -ErrorAction SilentlyContinue if($existingRule -ne $null) { Remove-NetFirewallRule -Name YourApp-LatestTestBuild } New-NetFirewallRule -Name "YourApp-TestBuild" -DisplayName "Latest Test Build" -Description "Allow the latest test build to accept incomming connections" -Enabled True -Direction Inbound -Program $BuildPath } Add-TestBuildFirewallRule -BuildPath $BuildPath
In order to use the provided script you would need to:
- Have PowerShell v4.0 installed on the CI server. This should be the case for Windows 8x or Server 2012
- Save the script in a directory that your CI tool has Read & Execute rights to in a file with a
.ps1
extension - Run the script as an Administrator - this is required because changing firewall rules is a privileged operation
- Have your CI tool execute the script using a command similar to:
powershell.exe -ExecutionPolicy Bypass Add-BuildFirewallRule.ps1 -BuildPath %FULL_BUILD_PATH
You need to replace%FULL_BUILD_PATH%
in the command above with the full path to the built executable - your CI tool should be able to do this fairly easily.
Unblock The Target Port
You can have Windows firewall allow all traffic (or all traffic of a certain protocol) on specific port(s). This would allow your builds (and any other application using that port) to communicate. You may be able to specify that communication should be limited to the local machine using the Windows Firewall with Advanced Security UI to create the rule, but I would still avoid this if possible.