Fix FWP_E_DUPLICATE_CONDITION (0x8032002A) in Windows Firewall
Windows Firewall rule has duplicate conditions on the same field. Delete the bad rule or fix it with PowerShell. Takes 2 minutes.
Yeah, this error's annoying. It usually pops up when you're importing a firewall rule or applying a GPO, and Windows just throws 0x8032002A in your face. I've seen it a hundred times. The fix is straightforward.
Quick Fix — Identify and Delete the Bad Rule
The culprit here is almost always a rule with two conditions on the same field — like having two RemoteIP entries. Windows Firewall won't allow that. You can't edit the rule in the GUI, because the GUI won't even show the duplicate. You need the command line.
Open PowerShell as admin and run this:
Get-NetFirewallRule | Where-Object { $_.PrimaryStatus -eq 'Error' } | Format-List Name, DisplayName, PrimaryStatus, Status
That shows you every broken rule. If you get nothing, the rule might be in a GPO. Check with:
Get-NetFirewallRule -PolicyStore ActiveStore | Where-Object { $_.PrimaryStatus -eq 'Error' } | Format-List Name, DisplayName, PrimaryStatus, Status
Once you've got the rule name, delete it:
Remove-NetFirewallRule -Name "YourRuleNameHere"
Replace YourRuleNameHere with the actual rule name from the previous output. Don't guess — copy it exactly.
If You Can't Delete — Export and Recreate
Sometimes the rule is locked by Group Policy. In that case, export it, strip the duplicate, and re-import. Use this:
netsh advfirewall firewall show rule name=all verbose
That dumps everything. Find your rule, note the conditions. Export just that rule:
netsh advfirewall export "C:\temp\firewall_rules.wfw"
Then delete it, fix the duplicate in the export file with Notepad, and import back:
netsh advfirewall import "C:\temp\firewall_rules_fixed.wfw"
Don't bother trying to merge — it'll just fail again. Import overwrites everything.
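The find-then-delete steps above, combined into one triage script as an added example (not from the original article): it lists rules whose PrimaryStatus is Error, shows whether each came from the local store or from Group Policy, takes a full policy backup, and previews deletion of only the locally owned rules. The function name Get-BrokenFirewallRule and the backup file name are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: triage broken firewall rules before deleting anything.

function Get-BrokenFirewallRule {
    [CmdletBinding()]
    param(
        # ActiveStore is the merged view of local and Group Policy rules.
        [string]$PolicyStore = 'ActiveStore'
    )
    Get-NetFirewallRule -PolicyStore $PolicyStore |
        Where-Object { $_.PrimaryStatus -eq 'Error' } |
        ForEach-Object {
            [pscustomobject]@{
                Name         = $_.Name
                DisplayName  = $_.DisplayName
                Status       = $_.Status                  # text reason for the failure
                SourceType   = $_.PolicyStoreSourceType   # Local, GroupPolicy, ...
                Source       = $_.PolicyStoreSource       # store or GPO that delivered it
                LocallyOwned = ($_.PolicyStoreSourceType -eq 'Local')
            }
        }
}

# Full policy backup first, so a wrong deletion can be rolled back with
# "netsh advfirewall import". Path and file name are assumptions.
$backupDir = 'C:\temp'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$backup = Join-Path $backupDir ("firewall_backup_{0:yyyyMMdd_HHmmss}.wfw" -f (Get-Date))
netsh advfirewall export $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup to $backup failed; not touching any rule." }

$broken = @(Get-BrokenFirewallRule)
if ($broken.Count -eq 0) { Write-Host 'No rules in Error state.'; return }
$broken | Format-Table Name, DisplayName, SourceType, Source -AutoSize

foreach ($rule in $broken) {
    if ($rule.LocallyOwned) {
        # Preview only. Drop -WhatIf after reviewing the list above.
        Remove-NetFirewallRule -Name $rule.Name -WhatIf
    }
    else {
        # GPO-delivered rules cannot be removed from the local store; fix them at the source.
        Write-Warning "$($rule.Name) comes from '$($rule.Source)'; correct it in that policy."
    }
}
```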
Why This Happens
Windows Filtering Platform (WFP) enforces a rule: each filter condition field can appear only once per rule. So you can't have RemoteIP=192.168.1.0/24 AND RemoteIP=10.0.0.0/8 in the same rule. You have to split those into two separate rules.
This usually happens when someone manually edited a GPO in the advanced firewall editor and accidentally added the same field twice. Or when you import a rule from an older system that had different syntax. The GUI won't let you create this mess, but exported policies can.
Less Common Variations
You might see this error with different field names. The same WFP limitation applies to:
LocalIP: two separate local IP ranges
RemotePort: two port ranges
ApplicationPath: two program paths
Protocol: TCP and UDP in one rule
If you're scripting firewall rules with PowerShell and you get 0x8032002A, check your New-NetFirewallRule or Set-NetFirewallRule calls for duplicate -RemoteAddress or -LocalAddress parameters.
Server Core and Nano Server
On Server Core (2016 or later), you won't have the GUI at all. Stick with Get-NetFirewallRule and Remove-NetFirewallRule. The error there is exactly the same. I've seen it on Server 2019 when applying a GPO that had a misconfigured firewall rule for RDP.
Prevention
Don't create rules with multiple conditions on the same field. If you need to match multiple IP ranges, create separate rules for each range. Same for ports, protocols, or programs.
When importing rules from a file, always test on a non-production machine first. Use Get-NetFirewallRule to check the status after import. If it's "Error", you've got a duplicate.
For GPOs, use the Group Policy Management console's firewall editor — it validates the rule before saving. Don't manually edit the GPO's XML files. I know, I know, sometimes you have to. But that's when this error bites you.
One last thing: if you're using a third-party firewall manager, check its logs. Some tools create duplicate conditions when they sync. I've seen that with older versions of SolarWinds and GFI. Upgrade to the latest version if that's you.