Windows 7 Firewall Rule to Allow Communications With Only a Pre-defined LAN IP Range?


  • Monday, January 28, 2013 11:46 PM
     
     
    Hello,

    I'm new to working with the Windows 7 firewall.  I want to create rules that will allow my office computers/laptops to only be able to communicate with certain computers on my LAN - those with an IP address from 192.168.10.50 to 192.168.10.55. 

    When guest computers connect to my network via ethernet, they would get an IP address outside this range and I don't want the guest computers to be able to see or communicate with the office computers and vice-versa.

    I created an inbound and outbound rule for testing that block all connections with remote IP addresses below .50 and above .55 via the scope tab and it is not working as intended.  I left the local IP address on the scope tab as "Any IP address" since I wasn't sure what to enter here.  I left the entries on all the other tabs of the rules at their defaults.

    What should I do to set this up correctly?  Is there a better way to achieve what I am trying to do?

    Thanks.
    • Edited by Sysadmin_Ed Tuesday, January 29, 2013 5:21 AM

All Replies

  • Wednesday, January 30, 2013 8:14 AM
    Moderator
     
     

    Hi,

    Open the advanced firewall configuration. In the left panel, choose Inbound or Outbound rules.

    1. Click New rule in the right panel.

    2. Choose Custom.

    3. On the left, go to "Scope." Choose "These IP addresses", click the Add button and add the IP range.

    4. Go to Action, choose Block the connection.

    Hope it helps.


    Tracy Cai

    TechNet Community Support


  • Saturday, February 02, 2013 2:11 AM
     
     

    Tracy,

    Thanks.  That's exactly what I did.  I specified to block 192.168.10.2 through 192.168.10.49, and 192.168.10.56 through 192.168.10.255 in the remote IP address field.

    When I did that, I could no longer communicate with my Windows Home Server, which is 192.168.10.51 and is not in the blocked range.

    I think it might have something to do with the first field on the scope tab, the local IP address.  I left that as "any IP address" because I wasn't sure what to enter there.

    I'm just trying to set up a "trusted" network zone without having to resort to using IPSec or some other complicated authentication methodology.


    • Edited by Sysadmin_Ed Saturday, February 02, 2013 2:11 AM
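
The custom block rules from the steps above, written as a `netsh advfirewall` script with the remote ranges quoted in this post, followed by commands that print what the firewall actually stored. This is an added example, not part of the original thread; the rule names and the export file name are made up for illustration, and the script assumes an elevated Command Prompt on Windows 7.

```batch
@echo off
rem Added example: command-line form of the Scope/Action steps in the thread.
rem Rule names and the export path are assumptions made for this example.
setlocal

rem Remote ranges to block, exactly as quoted in the post above.
set BLOCKED=192.168.10.2-192.168.10.49,192.168.10.56-192.168.10.255

rem Save the current policy first so the change can be rolled back with
rem "netsh advfirewall import".
netsh advfirewall export "%TEMP%\fw-before-lan-zone.wfw" || goto :fail

rem One rule per direction. No localip is given, which corresponds to leaving
rem the local address on the Scope tab at "Any IP address".
netsh advfirewall firewall add rule name="LAN zone - block in" ^
    dir=in action=block protocol=any profile=any remoteip=%BLOCKED% || goto :fail
netsh advfirewall firewall add rule name="LAN zone - block out" ^
    dir=out action=block protocol=any profile=any remoteip=%BLOCKED% || goto :fail

rem Print the stored rules. Check RemoteIP, LocalIP, Profiles and Action
rem against what was intended before testing connectivity.
netsh advfirewall firewall show rule name="LAN zone - block in" verbose
netsh advfirewall firewall show rule name="LAN zone - block out" verbose

rem Firewall state and default inbound/outbound policy for each profile.
netsh advfirewall show allprofiles

rem Connectivity check against the host the post says became unreachable.
rem A reply only proves ICMP gets through; test the real service as well.
ping -n 2 192.168.10.51

endlocal
exit /b 0

:fail
echo netsh reported an error; run this from an elevated prompt.
endlocal
exit /b 1

rem To remove the two rules again:
rem   netsh advfirewall firewall delete rule name="LAN zone - block in"
rem   netsh advfirewall firewall delete rule name="LAN zone - block out"
```
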
  • Tuesday, February 12, 2013 6:09 PM
     
     

    Can anybody advise?

    The reason that I am having to do this is because I have F-Secure on many computers and the 2013 version of F-Secure no longer has its own firewall so all the rules that I wrote for F-Secure's firewall are now useless.  I used these rules to create this LAN "safe zone".  Now I need to re-create this using Windows Firewall (or use another firewall if absolutely necessary).

    Thanks