encoad
Microsoft Advanced Firewall Isolation
Hi All,
I need to set up Microsoft Advanced Firewall Isolation. The goal is to prevent domain computers from making connections to non-domain computers.
I've tried setting up a basic Any-All type rule (see attached), but it just blocks everything, nothing is permitted.
Can anyone guide me to making a single basic "required" isolation rule?
ASKER
Hi Greg,
Actually the goal here is to prevent data theft. I can cover almost any scenario except when someone boots up the computer and then changes the network cable into a crossover connected to a laptop.
This solution looks like it's designed to prevent this scenario, if I can make it work.
Thanks.
You did not link your other thread where you asked about the same thing: I told you to use IPsec. Did you read about how to set that up?
ASKER
Hi McKnife,
I'm actually asking this question based on the advice received in that question.
The problem with IPSec is that you need to restrict it by IP. So a rogue DHCP server could simply put the computer in a range outside of the IPSec rules thereby defeating them.
I could use a Static IP, but then I'll lose PXE.
Please correct me if I'm wrong.
Thanks,
Nicholas
Two subnets: one for domain, one for workgroups.
Firewall in between so that network resources can be shared.