T
tman24
I'm trying to create a basic domain firewall policy (primarily for Win7) that does two things;
Allow two trusted subnets inbound connection to the host on ALL ports (so essentially open)
Block everything else
All outbound traffic will be unfiltered - only the inbound traffic is being controlled.
I created a domain firewall policy
I added an 'allow trusted subnets' inbound rule, which is as follows;
Action: Allow the connection
Allow all programs
Protocol Type: Any
Scope
Local IP addresses: Any
Remote IP addresses: My two subnets in CIDR annotation
Advanced
Profile: Domain
Block Edge traversal
I then set the Domain profile firewall state to ON, and set Inbound to Block (default) and Outbound to Allow (default). Running RSoP shows the policy is being applied, but here's the problem. Windows still allows inbound connectivity from all untrusted subnets! My understanding is that setting the Domain policy state to ON means that all traffic inbound will be blocked unless specifically allowed, and I specifically allowed connectivity from only two trusted subnets!
I tried created a 'Deny All' rule after the allow one (even though that should be implied), and that worked great - it blocked everything inbound, even my trusted subnets!!!
Anyone have any idea what's going on here. I'm very familiar with firewalls in general, but this just isn't working as it should do. No other firewall policies are being applied according to RSoP and my testing.
Thanks
Continue reading...
Allow two trusted subnets inbound connection to the host on ALL ports (so essentially open)
Block everything else
All outbound traffic will be unfiltered - only the inbound traffic is being controlled.
I created a domain firewall policy
I added an 'allow trusted subnets' inbound rule, which is as follows;
Action: Allow the connection
Allow all programs
Protocol Type: Any
Scope
Local IP addresses: Any
Remote IP addresses: My two subnets in CIDR annotation
Advanced
Profile: Domain
Block Edge traversal
I then set the Domain profile firewall state to ON, and set Inbound to Block (default) and Outbound to Allow (default). Running RSoP shows the policy is being applied, but here's the problem. Windows still allows inbound connectivity from all untrusted subnets! My understanding is that setting the Domain policy state to ON means that all traffic inbound will be blocked unless specifically allowed, and I specifically allowed connectivity from only two trusted subnets!
I tried created a 'Deny All' rule after the allow one (even though that should be implied), and that worked great - it blocked everything inbound, even my trusted subnets!!!
Anyone have any idea what's going on here. I'm very familiar with firewalls in general, but this just isn't working as it should do. No other firewall policies are being applied according to RSoP and my testing.
Thanks
Continue reading...