DirectAccess 2012 - Public Profile Blocking Access to Domain Profile

  • Question

  • Hi,

    Been struggling to find information out about this so I was wondering if anyone has come across it.

    My understanding is the public firewall is always the first one to activate. If Windows can detect it's on the domain it is a part of, it will activate the domain profile.

    However, I have had to set public profile: block all outgoing connections.

    This stops it going into domain profile mode.

    I can't find a list of all the specific exception rules I need to add to the public profile in order to allow the right traffic out so it will go into domain profile.

    i.e. I don't just want to allow all traffic going to xx IPs. I would rather do process on xx port going to xx IP.

    Any ideas?

    Saturday, May 23, 2015 7:03 AM

All replies

  • Hi,

    Maybe I shouldn't ask, but why do you want to block all outbound traffic through a public profile?

    Anyway, there is just one other thing. Normally with internal network connectivity you are right, when a Domain Controller is detected it will switch to a Domain Profile. But with DirectAccess connectivity, that isn't the case. It will stay Public (or Private if you set that manually). Because in fact it is another (RAS) interface that makes the DirectAccess connection.

    And when you want to configure inbound Access Rules for DirectAccess Manage-Out capabilities, you should also use Public and Private Profiles in those Access Rules.

    Boudewijn Plomp | BPMi Infrastructure & Security

    Saturday, May 23, 2015 9:38 PM
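
A check for the point made in the reply above, as an added example that is not part of the original thread: run on a DirectAccess client, it shows which profile each interface is in and lists enabled inbound rules whose profile scope leaves out Public or Private. `Get-MissingDirectAccessProfile` is a hypothetical helper name, and the sample profile strings are constructed; the cmdlets are the built-in NetConnection and NetSecurity ones.

```powershell
# Added example, not from the thread. Assumes Windows 8 / Server 2012 or later
# (NetSecurity and NetConnection modules) and an elevated prompt.

# Hypothetical helper: given a rule's profile text ("Domain", "Domain, Private",
# "Any", ...), return which of Private/Public the rule does NOT cover.
function Get-MissingDirectAccessProfile {
    param([Parameter(Mandatory)][string]$ProfileText)

    $covered = $ProfileText -split '\s*,\s*'
    if ($covered -contains 'Any') { return @() }   # Any covers every profile
    return @('Private', 'Public') | Where-Object { $covered -notcontains $_ }
}

# Constructed sample values, to show the helper's behaviour offline.
'Domain', 'Domain, Private', 'Any' | ForEach-Object {
    [pscustomobject]@{
        Profile = $_
        Missing = (Get-MissingDirectAccessProfile -ProfileText $_) -join ', '
    }
} | Format-Table -AutoSize

# 1. Which profile is each connection in right now? Per the reply above, a
#    DirectAccess connection is expected to show Public or Private here.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory |
    Format-Table -AutoSize

# 2. Enabled inbound rules that would not apply while the client is in the
#    Public or Private profile (for example, manage-out rules scoped to Domain only).
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $missing = Get-MissingDirectAccessProfile -ProfileText $_.Profile.ToString()
    if ($missing) {
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Profile = $_.Profile
            Missing = $missing -join ', '
        }
    }
} | Sort-Object Rule | Format-Table -AutoSize
```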