Moved here from the Tools Request forum.
Some options to achieve your goal:
- Use a payload that disables the Windows Firewall as part of its initial code execution. Im not aware of an existing payload that does this in Metasploit so you would probably need to write the shellcode yourself.
- Use a payload that can work through a firewall. Something like this perhaps. Or maybe one of the reverse_http payloads. Whether these will work depends on the allowed ruleset in place on the firewall.