ConfigMgr Firewall exceptions for Client deployment.

To enable ConfigMgr client deployment, create the following GPO (or update if you already have one):

Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile
Windows Firewall: Allow inbound file and printer sharing exception: Enabled
Allow unsolicited incoming messages from these IP addresses: SCCM IP Address
Windows Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses: SCCM IP Address
Namaste.

Also read...