Windows Firewall state different between Powershell output and GUI
According to this article:https://social.technet.microsoft.com/Forums/windowsserver/en-US/4d8678e2-5653-4fd2-b275-62e0e7008ff9/conflicting-display-of-windows-firewall-setting-from-gui-and-netsh-advfirewall?forum=winserverGP
There are 2 stores for this setting, a local and a Group Policy store. A resulting firewall state is calculated based on these 2.
The answer from Elytis Cheng:
Windows Firewall has mutliple configuration stores. One is for Group Policy and one is for local. The policy that is actually applied is a result of a merge of these stores (how they are merged depends on what options are set in Group Policy). In Group Policy, the firewall was enabled for the domain profile. However, in the local store, the firewall was disabled for the domain profile. The merge result meant that the firewall was on. This is shown correctly by the Control Panel (which shows the active policy, not policy from a specific store). At the time, the Windows Firewall with Advanced Security snap-in connected to the local computer was showing the local store.
The final piece is netsh. netsh firewall show allprofiles shows the configuration in the local store.