No announcement yet.

Firewall in Domain

  • Filter
  • Time
  • Show
Clear All
new posts

  • Firewall in Domain


    i am thinking about turning on firewall in our Domain enviroment. At this moment I have turned on firewalls because of IPSec. But I dont block anything. basic policy is Allow any incoming connections. I would like to allow only important components for domain. Of course I will allow also RDP, Remote Assistance and somewhere file and printer share. Can anybody show me some recomendations for windows firewall rules for domain profile?



  • #2
    Re: Firewall in Domain

    Every environment is different. If you need RDP and remote assistance then you can make exceptions like you said but you should only allow through what you need. By default all outgoing traffic is allowed and incoming traffic is denied. This is usually fine for clients but if there's agents or other services or tools you need access to on the clients you'll need to make exceptions for those.

    What I suggest is selecting a test group of computers, apply the most restrictive settings and then open services/ports as needed. Once you have a good configuration for the test group you can then roll it out to a pilot group. After the successful pilot you can roll it out to all workstations.

    Network Consultant/Engineer
    Baltimore - Washington area and beyond


    • #3
      Re: Firewall in Domain

      I usually put the firewall in interactive mode and then open every application and connect to servers etc. Once all the firewall alerts have been responded to export the rules from the client machine and apply them to the domain.

      Jeremy is right, each environment is different so will have different requirements.
      A recent poll suggests that 6 out of 7 dwarfs are not happy