Windows Advanced Firewall outbound authentication breaks rule

  • Question

  • I'm trying to establish a set of Windows Advanced Firewall rules (client side and server side) that will restrict SMB and RDP access using IPSec. I can't get the outbound client authentication to my servers functioning. 

    The server side definitions work fine - I used the inbuilt 'File and Printer Sharing (SMB-In)' rule and only changed the 'Allow the connection if it is secure' option and entered a couple of specific computers for testing.

    When I perform the *exact* same procedure on the client using the 'File and Printer Sharing (SMB-Out)' rule, the connection fails silently. Note that these systems are both in a default deny-all state in both directions. If I uncheck the 'only allow connections to these computers' option it works.

    Operating systems in question are Server 2008 R2 and Windows 7.

    My debugging steps have included:

      • Checking that the main and quick mode security associations are being created as expected.
      • Turning on the auditpol subcategories and logging as shown at http://msdn.microsoft.com/en-us/library/windows/desktop/bb736284(v=vs.85).aspx.

    It looks like I'm getting a pair - one packet drop and one blocked connection - each time I unsuccessfully try to reach a secured resource.
    • Edited by timbCFCA Wednesday, March 27, 2013 4:11 PM
    Wednesday, March 27, 2013 2:28 PM
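    The configuration and debugging steps described in the question, expressed as netsh/auditpol commands for Windows 7 / Server 2008 R2. This is an added example, not the poster's own configuration; the SID inside the SDDL string is a constructed placeholder, and the rule names are hypothetical.

    ```batch
    @echo off
    REM Added example (not the poster's configuration). The SID in the SDDL below is a
    REM constructed placeholder; substitute the SID of the computer account or group
    REM that should be allowed. Run in an elevated command prompt.

    set "ALLOWED_SDDL=D:(A;;CC;;;S-1-5-21-PLACEHOLDER-1234)"

    REM 1. Connection security rule: require authenticated inbound, request outbound,
    REM    Kerberos (domain computer account) authentication for the IPsec SAs.
    netsh advfirewall consec add rule name="IPsec Domain Computers" ^
        endpoint1=any endpoint2=any action=requireinrequestout auth1=computerkerb

    REM 2. Server side: SMB-In allowed only if secure AND from the listed computers.
    netsh advfirewall firewall add rule name="SMB-In (IPsec, authorized computers)" ^
        dir=in action=allow protocol=TCP localport=445 profile=domain ^
        security=authenticate rmtcomputergrp="%ALLOWED_SDDL%"

    REM 3. Client side: the outbound counterpart (remote port 445) with the same
    REM    "only allow connections to these computers" restriction.
    netsh advfirewall firewall add rule name="SMB-Out (IPsec, authorized computers)" ^
        dir=out action=allow protocol=TCP remoteport=445 profile=domain ^
        security=authenticate rmtcomputergrp="%ALLOWED_SDDL%"

    REM 4. Enable the audit subcategories that explain refused packets/connections
    REM    and failed IPsec negotiations.
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
    auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable
    auditpol /set /subcategory:"IPsec Main Mode" /failure:enable
    auditpol /set /subcategory:"IPsec Quick Mode" /failure:enable

    REM 5. Confirm main/quick mode SAs exist, then read the most recent packet-drop
    REM    (5152) and blocked-connection (5157) events from the Security log.
    netsh advfirewall monitor show mmsa
    netsh advfirewall monitor show qmsa
    wevtutil qe Security /q:"*[System[(EventID=5152 or EventID=5157)]]" /c:10 /rd:true /f:text
    ```

    Each 5157 event names the Filter Run-Time ID that blocked the connection; `netsh wfp show filters` maps that ID back to the firewall or connection security rule responsible.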

All replies

  • It appears that the IPSec negotiation is occurring due to another rule which didn't have a computer listed in the only applies to section. Come on guys... Anyone have a suggestion?
    Tuesday, April 2, 2013 6:45 PM
  • On further investigation it appears that a similar problem was reported here back in 2011. 

    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/7b5b3ede-016d-4dec-85ce-60466a03eac3

    Anyone? 

    Tuesday, April 2, 2013 7:03 PM