Advanced Firewall: Allow only predefined IP (or MAC) addresses to communicate with each other

  • Question

  • Greetings,

    Not sure if I'm in the correct category, but here it goes.

    I have 10 workstations (public) and 2 servers (private) on a large network with multiple subnets. What I am attempting to accomplish (via AFW) is to set up rules on each workstation so they only communicate with each other and the servers.

    I am (was) attempting to use AFW and configure rules based on IP address. I would think the following would be possible.

    Turn off all communications on all workstations so that all incoming and outgoing traffic is blocked. Then assign the designated IP addresses that are allowed to accept and receive ALL traffic.

    Currently I have 5 of the WSs benched on a mini network with addresses 10.10.10.2-10.10.10.6. I've been attempting different settings with no success; a lot of helpful articles have been read, but I think I'm missing something very basic.

    Perhaps someone can point me in the right direction?

    A million thank-yous in advance,

    David


    Wednesday, May 4, 2016 7:55 PM
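The procedure the question describes (default-deny in both directions, then allow only a list of addresses) maps directly onto the NetSecurity cmdlets that drive Windows Firewall with Advanced Security. The following is an added example, not code from the thread or from Microsoft; it assumes the poster's bench range 10.10.10.2-10.10.10.6 for the workstations and uses two hypothetical server addresses, 10.10.10.100 and 10.10.10.101, which are placeholders for whatever the real private servers use. Note that this firewall matches on IP addresses only; it cannot filter on MAC addresses, so the "(or MAC)" in the title is not achievable with AFW alone.

```powershell
# Added example (not from the original thread): lock a workstation down so it
# only exchanges traffic with an allow-list of IP addresses, using the built-in
# NetSecurity module. Run in an elevated PowerShell session on each workstation.

# Assumed addresses: the poster's bench workstations plus two hypothetical servers.
$allowed = @(
    '10.10.10.2-10.10.10.6',   # workstations (range syntax is accepted by -RemoteAddress)
    '10.10.10.100',            # hypothetical server 1
    '10.10.10.101'             # hypothetical server 2
)

# 0. Keep a way back: export the current policy before changing anything.
netsh advfirewall export "$env:SystemDrive\fw-before-lockdown.wfw" | Out-Null

# 1. Default-deny on every profile, inbound AND outbound. The stock outbound
#    default is Allow, which is the "something basic" that usually gets missed.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Disable all currently enabled rules so no built-in allow rule (Core Networking,
#    File and Printer Sharing, etc.) punches a hole past the allow-list. Rules are
#    disabled, not deleted, so they can be re-enabled later.
Get-NetFirewallRule | Where-Object { $_.Enabled -eq 'True' } | Disable-NetFirewallRule

# 3. Allow all protocols/ports, but only to and from the allow-listed addresses.
#    Inbound covers connections the peers initiate; outbound covers the ones this
#    workstation initiates. Loopback is not filtered, so local services keep working.
New-NetFirewallRule -DisplayName 'AllowList-In'  -Direction Inbound  -Action Allow `
    -RemoteAddress $allowed -Profile Any
New-NetFirewallRule -DisplayName 'AllowList-Out' -Direction Outbound -Action Allow `
    -RemoteAddress $allowed -Profile Any

# 4. Verify: the only enabled rules should be the two above, and their address
#    filters should list exactly the allow-list.
Get-NetFirewallRule | Where-Object { $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Direction, Action
Get-NetFirewallRule -DisplayName 'AllowList-*' | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

# 5. Prove it from the workstation: an allow-listed peer should answer, a host
#    outside the list should not (replace 10.10.10.50 with any non-listed address).
Test-NetConnection -ComputerName 10.10.10.3  -Port 445 | Select-Object RemoteAddress, TcpTestSucceeded
Test-NetConnection -ComputerName 10.10.10.50 -Port 445 | Select-Object RemoteAddress, TcpTestSucceeded

# To roll back: netsh advfirewall import "$env:SystemDrive\fw-before-lockdown.wfw"
```

Two practical checks before running this outside the bench: if the workstations use DHCP or need DNS, domain controllers or a management server, those addresses must be in `$allowed` (or get their own narrow rule), otherwise step 1 cuts them off; and if you run the script over an RDP or WinRM session, the admin host must be in the list or the session drops the moment step 1 applies. A local administrator can also simply switch this policy off, which is why the replies that follow point at switch ACLs and VLANs: a host firewall is a good second layer for this requirement, not a substitute for enforcing it on the network.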

All replies

  • I would recommend doing hardware-based ACLs to ensure this is done correctly.

    By AFW, are you referring to an application firewall? The built-in Windows Firewall?

    Wednesday, May 4, 2016 8:18 PM
  • Hello,

    Thanks for getting back,

    AFW - I meant Windows Advanced Firewall.

    I am researching ACLs now.

    Thanks 

    Wednesday, May 4, 2016 8:53 PM
  • Hi David,

    >>What I am attempting to accomplish (via AFW) is set up rules on each workstation so they only communicate with each other and the servers.

    In my experience, you could try to use a VLAN.

    ________________________________________
    Best Regards,
    Cartman

    Thursday, May 5, 2016 1:43 AM
  • Cartman,

    Thank you for the info, will research this in more depth, looks like a viable solution.

    This option has been mentioned by our IT department but may not be viable due to Network Security policy.

    David


    Thursday, May 5, 2016 2:49 PM