Leadtheway asked:
Windows Server 2008 Adv Firewall

Have a couple of applications, SQL 2005 and XenApp 6.5; we are transitioning to Server 2008 R2 from 2003.  I was wondering what the best practice is for creating rules?  Like SQL using a named instance and static outgoing ports, but a random return.  Would I have to write a rule for each port, or could I create a firewall rule for just SQL that would include all?  Same with Citrix.  And then create a GPO to apply these rules to the OU of the respective server?
SOLUTION (Aaron Tomosky)
ASKER CERTIFIED SOLUTION
btan:
Forgot to mention on GPO: I see it as more relevant if you want to duplicate the FW policy across multiple same-build servers using export and import of the rules you built. One use case such as this, if of interest:

http://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy/

I suggest, if you have some time, exploring this with your team (see the checklists):

Windows Firewall with Advanced Security Deployment Guide
http://technet.microsoft.com/en-us/library/cc947811(v=ws.10).aspx
Leadtheway (asker):
Thanks guys, I think adding the program path is probably the easiest way, don't you?  The only issue then is determining the program path for all needed services; not so much SQL, as those are known, but with Citrix XenApp there are a lot of required pieces that bind to svchost.  I have been using a combination of a port scanner, netstat and Process Explorer to try to determine them.  You guys know of an easier way?
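An added example, not part of this thread and not from Microsoft or Citrix documentation, of the inventory step the asker describes (netstat plus process lookup) done in one script: it lists the server's listening TCP ports with the owning image path and, for listeners that live inside svchost.exe, the hosting service names, then prints the matching `netsh advfirewall` commands for review instead of running them. It also shows the program-rule-versus-port-rule choice from the original question: an application with its own executable (a named SQL instance on a dynamic port) gets one program rule, while a service hosted in a shared svchost.exe gets a service-scoped rule rather than a rule that opens svchost.exe as a whole. Assumed: Windows Server 2008 R2 with PowerShell 2.0, run from an elevated prompt; the `Review -` rule-name prefix and the domain profile are arbitrary choices.

```powershell
# Added example, not from the thread. Inventory listening TCP endpoints and
# print candidate Windows Firewall allow rules for review.
# Assumes Server 2008 R2 / PowerShell 2.0, elevated. Rule names and the
# "profile=domain" choice are illustrative.

function Get-ListeningEndpoints {
    # "netstat -ano -p tcp" rows look like:
    #   TCP    0.0.0.0:1433    0.0.0.0:0    LISTENING    1234
    # Only LISTENING rows are kept; the header never matches.
    netstat -ano -p tcp | Where-Object { $_ -match 'LISTENING' } | ForEach-Object {
        $cols     = ($_ -replace '^\s+', '') -split '\s+'
        $local    = $cols[1]
        # Works for IPv4 ("0.0.0.0:1433") and IPv6 ("[::]:1433") forms.
        $port     = [int]$local.Substring($local.LastIndexOf(':') + 1)
        $ownerPid = [int]$cols[4]

        # Resolve the image path; System (PID 4) and protected processes
        # may not expose one, so treat that as "unknown" rather than fail.
        $path = $null
        try {
            $proc = Get-Process -Id $ownerPid -ErrorAction Stop
            $path = $proc.Path
        } catch { }

        # Every svchost.exe instance shares one image path, so a program rule
        # cannot tell hosted services apart; ask WMI which services run in this PID.
        $services = @(Get-WmiObject Win32_Service -Filter "ProcessId=$ownerPid" |
                      ForEach-Object { $_.Name })

        New-Object PSObject -Property @{
            Port = $port; OwnerPid = $ownerPid; Path = $path; Services = $services
        }
    }
}

function New-FirewallRuleCommands {
    param([Parameter(ValueFromPipeline = $true)] $Endpoint)
    process {
        $e = $Endpoint
        if ($e.Services.Count -gt 0) {
            foreach ($svc in $e.Services) {
                # Service-scoped rule: limited to this service's own listener,
                # not to everything else that svchost.exe (or the host) runs.
                "netsh advfirewall firewall add rule name=`"Review - $svc`" dir=in action=allow protocol=TCP localport=$($e.Port) program=`"$($e.Path)`" service=$svc profile=domain"
            }
        } elseif ($e.Path) {
            # Program rule: follows the executable whatever port it binds, which is
            # what a named SQL instance on a dynamic port needs; no rule per port.
            $exe = Split-Path $e.Path -Leaf
            "netsh advfirewall firewall add rule name=`"Review - $exe`" dir=in action=allow program=`"$($e.Path)`" profile=domain"
        } else {
            # Unresolvable owner: flag it so nobody adds an allow rule blind.
            "# Port $($e.Port) owned by PID $($e.OwnerPid): image path not readable; investigate before adding a rule"
        }
    }
}

# Print the candidate rules sorted by port; nothing is applied by this script.
Get-ListeningEndpoints | Sort-Object Port | New-FirewallRuleCommands
```

Because the script only prints commands, the output can be compared line by line with the vendor's documented port list for SQL Server and XenApp before any rule is added, and any listener that is not in the documentation stands out as something to explain rather than to allow. Once the reviewed rules are in place on one server, the export and import that btan mentions (or a GPO) carries them to the other servers of the same build.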
Citrix should have the ports documented, so an easier way to determine the required ports would be RTFM. ;-)