You'd like to use the really simple and easy-to-configure Windows Firewall when using Routing and Remote Access (RRAS) on Windows 2003 Server?
Well you're out of luck. They simply won't co-exist.
However there is good news. You can just about replicate the functionality of Windows Firewall using the Local Security Policy of your Windows 2003 Server.
1) Switch off the Windows Firewall in the Services applet of Control Panel.
2) Configure your Routing and Remote Access (RRAS) however you want it.
3) Go to Local Security Settings in Administrative Tools.
Notice that none of the prepared Security Policies are enabled.
We are going to create our own. So right-click on IP Security Policies on Local Computer and choose Create IP Security Policy...
Let's say, for argument's sake, you have a multi-homed server with 2 IP addresses. On one of the IP addresses you have a website that needs to be checked for PCI compliance and you want to block all ports bar the website on 80 and SSL on 443. On the other IP address you want to be able to accept remote NAT connections from the Internet, and therefore need a lot more open ports.
So let's plough on...
View the welcome screen.
4) Enter a name for your Security Policy. I just entered My Custom Security Policy since you are only allowed one running at any one time, and it is within this Policy you set the Rules.
You can enter a description if you like.
5) Remove the default response rule.
6) Then leave the tick in Edit Properties and click Finish.
7) This is the screen grab of one I made earlier. You can see that you can have either 'Permit' or 'Block' actions.
8) Let's look at the settings of the 'ALL PORTS BLOCK' rule.
9) If you look on the Filter Action tab you will see the Filter's action is to Deny.
10) Going back to the IP Filter List you can see all the IP Filters in place.
11) So here I am blocking ports, e.g. in the first rule I am blocking port 25 on the IP ending .169 (my PCI compliant website), and so on. These are set by Add/Edit... on the following two screens:
12) Finally, create an "Allow" rule to let packets/protocols etc. from specific IP addresses through. Set it up in exactly the same way as the 'Deny' rule, but choose 'Permit' on the Filter Action tab.
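The same policy can be scripted from a command prompt with `netsh ipsec static` instead of clicking through the wizard. This is an added example, not part of the original article: the address 192.0.2.169 is a constructed placeholder for the web site IP ending .169, and the filter list, filter action and 'WEB ALLOW' rule names are made up for illustration. It goes slightly beyond the per-port blocks shown above by blocking everything to that address in one filter and relying on IPsec applying the most specific matching filter, so the port 80 and 443 permits take precedence.

```bat
@echo off
rem Added example, not from the original article.
rem WEBIP is a constructed placeholder for the web site address ending .169.
set WEBIP=192.0.2.169
set POLICY=My Custom Security Policy

rem Steps 4-6: create the policy without the default response rule.
rem It stays unassigned until every rule is in place.
netsh ipsec static add policy name="%POLICY%" description="Port filtering alongside RRAS" activatedefaultrule=no assign=no

rem Steps 9 and 12: the two filter actions (names are hypothetical).
netsh ipsec static add filteraction name="Deny" action=block
netsh ipsec static add filteraction name="Allow" action=permit

rem Filter list matching ALL traffic to and from the web site address.
rem mirrored=yes also matches the reverse direction.
netsh ipsec static add filterlist name="Web IP - everything"
netsh ipsec static add filter filterlist="Web IP - everything" srcaddr=any dstaddr=%WEBIP% description="All protocols and ports" protocol=ANY mirrored=yes

rem Filter list matching only HTTP (80) and SSL (443) on the same address.
rem The mirrored filters let the server's replies from 80/443 back out.
netsh ipsec static add filterlist name="Web IP - HTTP and SSL"
netsh ipsec static add filter filterlist="Web IP - HTTP and SSL" srcaddr=any dstaddr=%WEBIP% description="HTTP" protocol=TCP mirrored=yes srcport=0 dstport=80
netsh ipsec static add filter filterlist="Web IP - HTTP and SSL" srcaddr=any dstaddr=%WEBIP% description="SSL" protocol=TCP mirrored=yes srcport=0 dstport=443

rem Bind each filter list to its action inside the policy.
rem The TCP 80/443 filters are more specific than the catch-all filter,
rem so they win regardless of the order the rules are listed in.
netsh ipsec static add rule name="ALL PORTS BLOCK" policy="%POLICY%" filterlist="Web IP - everything" filteraction="Deny"
netsh ipsec static add rule name="WEB ALLOW" policy="%POLICY%" filterlist="Web IP - HTTP and SSL" filteraction="Allow"

rem Only one policy can be assigned at a time; assigning this one activates it.
netsh ipsec static set policy name="%POLICY%" assign=y

rem Review the rules and filters that are now in force.
netsh ipsec static show policy name="%POLICY%" level=verbose
```

No filter in this policy mentions the second IP address, so traffic to it, including the RRAS NAT connections, is not touched by IPsec.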