Windows Firewall with Advanced Security console (the wf.msc) has a very useful node called Monitoring. Windows Firewall can receive many separate settings from local registry configuration, from local Group Policy Object (gpedit.msc) or from several domain based GPOs which all combine together to provide the resulting firewall configuration and rule list.
Although you can always use the gpresult /h reporting tool to troubleshoot domain based GPO deployment, this does not record the firewall settings comming from local registry and from the local GPO. Therefore I use the Monitoring node of the Windows Firewall console itself, which provides the best view of actual firewall settings and rules currently in effect. It displays just the rules which are applied and nothing else.
It also has a nice feature to display the originating Group Policy Object name from which the particular rule came. You just right-click the Monitoring - Firewall subnode, select View - Select columns and then add the column called Rule Source.
The last week, I have hit a weird situation in which I fought for hours to find out what the particular Rule Source means. Customer's workstations were applying some firewall rules that seemed to come from nowhere. Their Rule Source was Local Group Policy Setting. So naturally I went for local GPO with gpedit.msc, but found nothing. Not even anything in domain based GPOs.
Brief look at the registry HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile showed that the machine really applied something from a GPO. But which one?
Finally I found out what it was. The customer did one of the highly non-recommended thing as they always do :-) They were configuring their Windows XP firewall with Group Policy previously, so they just left it in place when they upgraded to Windows 7 recently.
So the settings came from a domain based GPO, from its Administrative Templates - Network - Network Connections - Windows Firewall - Domain Profile. Because these settings are obsolete for Windows 7 firewall, they appeared as Local Group Policy Setting in the Monitoring node of the Windows Firewall with Advanced Security console. The new console just didn't see where they come from.
Recommanded solution to Windows Firewall configuration
If you configure Windows XP and Windows 2003 firewall, use the Administrative Templates section. If you configure Windows Vista, Windows 7, Windows 2008 and newer firewall, use the Windows Settings - Security Settings - Windows Firewall with Advanced Security console exclusively. Or you get mixed and cofusing setting which also sometimes makes functional problems.
If you must use both groups of operating systems still, just apply WMI filters or any other GPO filtering method to separate the settings into different GPOs.