windowsnerd.com

notes from an admin for himself. you can read it if you want.

Entries Comments


Custom Search






Edit IPsec rules

Select IP Security Policies on Local Computer

We are going to create a new policy. Right click in the blank area. Select “Create IP Security Policy”

Next

Title it File Server security policy

UNcheck “Deactivate the default response rule”

Click next

Leave “edit properties selected and hit Finish.

I personally don’t like the wizard. We need to start with the list of objectives:

1. Deny all traffic

Click the add button

ipsec new rule add

In “New Rule Properties” click Add

Title this rule “deny all”

Uncheck “use add wizard”

deny start

Click Add

This rule applies to ALL ips on ALL ports. Leave the first page.

Click on protocols to verify that we are doing any port

Click on Description and Type in “deny all traffic to and from this host”

deny all done

Click ok to accept the rule

Under new rule properties click the radio button next to “deny all” then go to “filter action”

deny all

We have to add a deny rule. Click add

 

i’m building a test environment to screenshot for the next section on adding ports… after the deny rule you just start adding. Add tcp 80, 443 for web. DNS has to be open TO port 53 for both UDP and TCP traffic. I’d recommend opening the IP to a domain controller unless I knew everything about your AD.

Write a comment