There is significant complexity to Windows Firewall, especially when managed by GPO.
A given profile may or may not allow exceptions, it may or may not allow merging local rules with GPO-enforced rules, etc.
One useful thing may be to generate a report of all policy settings via
gpresult.exe /h gpreport.html
And then view the results to see whether they are as expected. That can highlight issues with GPO inheritance / overrides, or may even show that GPO is not applying when the Domain is unreachable.