This forum is closed. Thank you for your contributions.

Remove From My Forums

Network Profile for DirectAccess clients

Question
0

Sign in to vote

When clients connect to DirectAccess the client is automatically setting the network profile as Public. However, in the Public profile the firewall rules configured in our environment are most restrictive and this prevents Remote Management of the workstation when connected via DirectAccess. I don't want to enable the rules for the Public profile for security reasons. Is it possible for the client to detect the network profile as Domain - it makes sense as it has DC connectivity?

Monday, June 22, 2020 5:37 PM

Answers

1

Sign in to vote
No, it is not. The DirectAccess client will always use either the Public of Private Windows firewall profile. If you want to allow management traffic you can do this safely by configuring firewall rules for the Public/Private profiles and scoping them to your organization's internal IPv6 prefix. That can be your native prefix if you've deployed IPv6 or the ISATAP prefix if you are using the transition technology. More details here:

https://directaccess.richardhicks.com/2015/04/13/directaccess-client-firewall-rule-configuration-for-isatap-manage-out/

Richard M. Hicks
Founder and Principal Consultant - Richard M. Hicks Consulting, Inc.
directaccess.richardicks.com
- Marked as answer by Yordan Yordanov Tuesday, June 23, 2020 6:37 AM
Tuesday, June 23, 2020 12:03 AM