Inbound firewall rule for trusted subnets not working as expected

tman24

I'm trying to create a basic domain firewall policy (primarily for Win7) that does two things:


Allow two trusted subnets inbound connection to the host on ALL ports (so essentially open)

Block everything else


All outbound traffic will be unfiltered - only the inbound traffic is being controlled.


I created a domain firewall policy

I added an 'allow trusted subnets' inbound rule, which is as follows:


Action: Allow the connection

Allow all programs

Protocol Type: Any

Scope

Local IP addresses: Any

Remote IP addresses: My two subnets in CIDR annotation

Advanced

Profile: Domain

Block Edge traversal


I then set the Domain profile firewall state to ON, and set Inbound to Block (default) and Outbound to Allow (default). Running RSoP shows the policy is being applied, but here's the problem. Windows still allows inbound connectivity from all untrusted subnets! My understanding is that setting the Domain policy state to ON means that all traffic inbound will be blocked unless specifically allowed, and I specifically allowed connectivity from only two trusted subnets!


I tried creating a 'Deny All' rule after the allow one (even though that should be implied), and that worked great - it blocked everything inbound, even my trusted subnets!!!


Anyone have any idea what's going on here? I'm very familiar with firewalls in general, but this just isn't working as it should do. No other firewall policies are being applied according to RSoP and my testing.


Thanks
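An added example (not part of the original post, and not the poster's configuration) showing how to audit the effective inbound rule set on a host so the two symptoms above can be traced. Two documented Windows Firewall behaviours matter here: the profile's default inbound action only applies to traffic that no rule matches, so any other enabled inbound Allow rule with remote scope "Any" (built-in or locally defined, if the GPO permits local rule merge) still admits untrusted subnets; and Block rules are evaluated before Allow rules, so a Block rule scoped to "Any" overrides an Allow rule scoped to trusted subnets. The script assumes the NetSecurity PowerShell module (Windows 8 / Server 2012 and later); the subnets are placeholders, and the equivalent Windows 7 checks are `netsh advfirewall show domainprofile` and `netsh advfirewall firewall show rule name=all dir=in`.

```powershell
# Added audit script (not the original poster's configuration).
# Assumes the NetSecurity module; subnets below are placeholders.
$TrustedSubnets = @('10.10.0.0/16', '192.168.50.0/24')

# 1. Confirm the Domain profile state and default actions actually in force,
#    including whether locally defined rules are merged with the GPO rules.
Get-NetFirewallProfile -Name Domain |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, AllowLocalFirewallRules

# 2. Enabled inbound Allow rules whose remote scope is Any. Each of these still
#    admits traffic from untrusted subnets, because the default inbound action
#    only governs traffic that no rule matches.
$wideOpen = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
$wideOpen | Select-Object DisplayName, Profile, PolicyStoreSourceType | Format-Table -AutoSize

# 3. Enabled inbound Block rules. Block rules take precedence over Allow rules,
#    so a Block rule with remote scope Any defeats every Allow rule, including
#    one limited to the trusted subnets.
Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True |
    Select-Object DisplayName, Profile, PolicyStoreSourceType | Format-Table -AutoSize

# 4. The intended rule, expressed as a local rule on a test host: allow any
#    program and protocol inbound, scoped to the trusted subnets only.
#    -RemoteAddress accepts CIDR strings. Put the same settings in the GPO
#    rather than relying on a local rule in production.
New-NetFirewallRule -DisplayName 'Allow trusted subnets (example)' `
    -Direction Inbound -Action Allow -Protocol Any `
    -RemoteAddress $TrustedSubnets -Profile Domain -EdgeTraversalPolicy Block
```

Read the output of steps 2 and 3 together: with the default inbound action set to Block, the intended design needs no "Deny All" rule at all, and every entry listed in step 2 is a rule that must be disabled, scoped to the trusted subnets, or blocked from merging via the profile's local rule merge setting before untrusted subnets are actually excluded.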
