Announcement

Collapse
No announcement yet.

Block Internet Traffic Windows 7 Firewall

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Block Internet Traffic Windows 7 Firewall

    I can't find a straight answer on this.

    I have a domain computer and want to disable Internet traffic using the built in Windows Firewall. Local network access is fine.

    This is for testing in a lab. Can it be done?

  • #2
    Re: Block Internet Traffic Windows 7 Firewall

    How about giving the computer a static IP address and taking out/not including the default gateway.
    Please remember to award reputation points if you have received good advice.
    I do tend to think 'outside the box' so others may not always share the same views.

    MCITP -W7,
    MCSA+Messaging, CCENT, ICND2 slowly getting around to.

    Comment


    • #3
      Re: Block Internet Traffic Windows 7 Firewall

      Hi UK_Network.

      Doing so means I can't remotely manage it. It's a good thought though.

      I am looking for a straightforward approach, like UK_Network's, but with the Windows Firewall, or whatever else.

      Comment


      • #4
        Re: Block Internet Traffic Windows 7 Firewall

        Since the Windows firewall is at the machine level, it will be difficult to block access further away -- you could block port 80 and 443 but that would affect the LAN too.

        Why not remote manage via another computer?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Block Internet Traffic Windows 7 Firewall

          Originally posted by Ossian View Post
          Since the Windows firewall is at the machine level, it will be difficult to block access further away -- you could block port 80 and 443 but that would affect the LAN too.

          Why not remote manage via another computer?
          The intent is to only remote manage via mmc or rdp, but I want to shut off internet locally on the box. By removing the default gateway, I cannot rdp it, unless I am doing something incorrect.

          Comment


          • #6
            Re: Block Internet Traffic Windows 7 Firewall

            Remote into a PC that DOES have internet access, then use rdp from that one to the computer you really want to manage
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Block Internet Traffic Windows 7 Firewall

              Originally posted by Ossian View Post
              Remote into a PC that DOES have internet access, then use rdp from that one to the computer you really want to manage
              Gotcha.

              Not to stray back to the original question, but is there a way to block internet traffic using the Windows Firewall?

              Comment


              • #8
                Re: Block Internet Traffic Windows 7 Firewall

                Yes and no
                Yes, including intranet traffic (block ports at PC level)
                No, you cant distinguish between internet and intranet except by IP address

                Best way, as suggested, is to remove the DG
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Block Internet Traffic Windows 7 Firewall

                  Put a dummy proxy into Internet Explorer.

                  Add a rule into your external firewall that blocks all internet traffic from that machine.

                  Set Group Policies to block the relevant browser executables.

                  Comment


                  • #10
                    Re: Block Internet Traffic Windows 7 Firewall

                    I can't test it at the moment and, to be honest, have never used the Win7 firewall but you could just setup a deny for destination 80 and 443. This would block websites on the default ports but to be fair it isn't the best way to approach this as "internet access" could be FTP, torrents, lots of other stuff!
                    Is the windows firewall acccessible to non-admins? I guess users on the machine may be able to disable anything you change anyway.
                    cheers
                    Andy

                    Please read this before you post:


                    Quis custodiet ipsos custodes?

                    Comment


                    • #11
                      Re: Block Internet Traffic Windows 7 Firewall

                      So, I tried removing the DG, and that works, but then I lost RDP connectivity.

                      I like the idea of a dummy proxy and GP utilization. I think I'll give that a try and also enforce something at the firewall.

                      Thank you everyone.

                      Comment

                      Working...
                      X