asked on
Microsoft Advanced Firewall Isolation
Hi All,
I need to set up Microsoft Advanced Firewall Isolation. The goal is to prevent domain computers from making connections to non-domain computers.
I've tried setting up a basic Any-All type rule (see attached), but it just blocks everything, nothing is permitted.
Can anyone guide me to making a single basic "required" isolation rule?![2016-02-19_Snag033.png]()
I need to set up Microsoft Advanced Firewall Isolation. The goal is to prevent domain computers from making connections to non-domain computers.
I've tried setting up a basic Any-All type rule (see attached), but it just blocks everything, nothing is permitted.
Can anyone guide me to making a single basic "required" isolation rule?
Software FirewallsWindows 10Windows OSNetwork Security
Last Comment
McKnife
ASKER
Hi Greg,
Actually the goal here is to prevent data theft. I can cover almost any scenario except when someone boots up the computer and then changes the network cable into a cross over connected to a laptop.
This solution looks like it's designed to prevent this scenario. If I can make it work.
Thanks.
Actually the goal here is to prevent data theft. I can cover almost any scenario except when someone boots up the computer and then changes the network cable into a cross over connected to a laptop.
This solution looks like it's designed to prevent this scenario. If I can make it work.
Thanks.
You did not link your other thread where you asked about the same thing: I told you to use ipsec. Did you read about how to set that up?
ASKER
Hi McKnife,
I'm actually asking this question based on the advice received in that question.
The problem with IPSec is that you need to restrict it by IP. So a rogue DHCP server could simply put the computer in a range outside of the IPSec rules thereby defeating them.
I could use a Static IP, but then I'll lose PXE.
Please correct me if I'm wrong.
Thanks,
Nicholas
I'm actually asking this question based on the advice received in that question.
The problem with IPSec is that you need to restrict it by IP. So a rogue DHCP server could simply put the computer in a range outside of the IPSec rules thereby defeating them.
I could use a Static IP, but then I'll lose PXE.
Please correct me if I'm wrong.
Thanks,
Nicholas
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Two subnets. one for domain, one for workgroups.
Firewall in between so that network resources can be shared.