Edit IPsec rules
Select IP Security Policies on Local Computer
We are going to create a new policy. Right click in the blank area. Select “Create IP Security Policy”
Click Next
Title it File Server security policy
Uncheck “Deactivate the default response rule”
Click Next
Leave “Edit properties” selected and hit Finish.
I personally don’t like the wizard. We need to start with the list of objectives:
1. Deny all traffic
Click the add button
In “New Rule Properties” click Add
Title this rule “deny all”
Uncheck “use add wizard”
Click Add
This rule applies to ALL IPs on ALL ports. Leave the first page at its defaults.
Click on Protocols to verify that the filter applies to any port
Click on Description and type in “deny all traffic to and from this host”
Click ok to accept the rule
Under New Rule Properties, click the radio button next to “deny all”, then go to “Filter Action”
We have to add a deny rule. Click add
I’m building a test environment to screenshot for the next section on adding ports. After the deny rule you just start adding: add TCP 80 and 443 for web. DNS has to be open TO port 53 for both UDP and TCP traffic. I’d recommend opening the IP to a domain controller unless I knew everything about your AD.
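The same policy built from the command line with netsh instead of the MMC wizard, as an added example that is not part of the original post. It assumes “netsh ipsec static” is available (Windows Server 2003 or later) and uses 192.0.2.10 as a placeholder for your domain controller’s address.

```bat
@echo off
REM Added example: same "File Server security policy" as the MMC steps above,
REM built with netsh ipsec static. Assumes Windows Server 2003 or later.
REM 192.0.2.10 is a placeholder for your domain controller (change it).
setlocal
set POL=File Server security policy
set DC=192.0.2.10

REM 1. The policy itself; default response rule stays inactive, not assigned yet
netsh ipsec static add policy name="%POL%" description="Deny all, then allow listed ports" activatedefaultrule=no assign=no

REM 2. Filter actions: one that blocks, one that permits without negotiating IPsec
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit

REM 3. "deny all": any address, any protocol, any port, both directions
netsh ipsec static add filterlist name="Deny all" description="deny all traffic to and from this host"
netsh ipsec static add filter filterlist="Deny all" srcaddr=any dstaddr=me protocol=any mirrored=yes
netsh ipsec static add rule name="deny all" policy="%POL%" filterlist="Deny all" filteraction="Block"

REM 4. Web: inbound TCP 80 and 443 (srcport=0 means any; mirrored=yes lets replies out)
netsh ipsec static add filterlist name="Allow web"
netsh ipsec static add filter filterlist="Allow web" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="Allow web" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=443 mirrored=yes
netsh ipsec static add rule name="allow web" policy="%POL%" filterlist="Allow web" filteraction="Permit"

REM 5. DNS: outbound UDP and TCP to port 53, but only to the domain controller
netsh ipsec static add filterlist name="Allow DNS to DC"
netsh ipsec static add filter filterlist="Allow DNS to DC" srcaddr=me dstaddr=%DC% protocol=udp srcport=0 dstport=53 mirrored=yes
netsh ipsec static add filter filterlist="Allow DNS to DC" srcaddr=me dstaddr=%DC% protocol=tcp srcport=0 dstport=53 mirrored=yes
netsh ipsec static add rule name="allow dns" policy="%POL%" filterlist="Allow DNS to DC" filteraction="Permit"

REM 6. Review before assigning: the more specific filters win over "Deny all"
netsh ipsec static show policy name="%POL%" level=verbose

REM 7. Assign only after the ports you administer the box over are also allowed
REM netsh ipsec static set policy name="%POL%" assign=yes
endlocal
```

IPsec chooses the most specific matching filter, so the port-specific permits override the address-wide deny; leaving the final assign line commented out avoids locking yourself out of a remote server while you are still adding rules.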