Windows 10 firewall settings

  • Question

  • Hi

    On Windows 10 we would like to block all outbound traffic except to certain remote outbound IP addresses. In Windows Firewall I have created a rule that blocks all 80 and 443 traffic. And then I have created a new rule allowing 80 and 443 traffic to pass only to specific remote IP addresses. But it doesn't work; it looks like the block rule overrides the allow rule.

    Am I doing something wrong or are there any other approaches?

    Thank you in advance

    Mike

    Thursday, 12 September 2019 14:21

Answers

All replies

  • Hello Mike,

    In firewall, whether in the inbound or outbound rules, the priority of the block is higher than allow.

    So if you create a block rule and then create an allow rule for the same content, the allow rule will not take effect.

    For your problem, you can create a block rule that writes all IP addresses except the specific allowed IP address to the Scope.

    For example, your rule only allows traffic to be passed to a remote IP address of 192.168.2.50. You can set the rules as shown below.

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, 13 September 2019 01:47
  • Hi Leon

    Thank you, but this doesn't work. I have created a block rule for port 80 and under 'remote ip addresses' I added IP that I want to have access to but it doesn't work. It still blocks all traffic.

    Regards,

    Mike

    Friday, 13 September 2019 13:14
  • Hello Mike,

    " under 'remote ip addresses' I added IP that I want to have access to but it doesn't work "

    If you want to make an IP address accessible, you should exclude this IP address and add all other IP addresses under "Remote IP Address".

    Best Regards,

    Leon



    Monday, 16 September 2019 01:53
  • Hi Leon

    Sorry, but I don't understand right how to do this. My goal is to block all HTTP and HTTPS traffic but allow access to certain web pages.

    Can you please point me for example how to configure Windows firewall that will:

    - block ALL outbound HTTP and HTTPS traffic and

    - allow HTTP and HTTPS traffic ONLY TO IP 193.2.4.17

    Thank you in advance

    Regards,

    Mike

    Wednesday, 18 September 2019 06:47
  • Hello Mike,

    Please follow the steps in the pictures below:

    Best Regards,

    Leon




    Thursday, 19 September 2019 09:06
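
The block rule whose Remote IP scope covers every address except the allowed one, as described in the replies above, written out as an added PowerShell example that is not part of the original thread; it generalizes to several allowed addresses. The function names and the rule display name are hypothetical; `New-NetFirewallRule` is the built-in cmdlet and needs an elevated session.

```powershell
# Added example. Function names and the rule name are hypothetical.
# Run in an elevated PowerShell session on Windows 10.

function ConvertTo-IPv4Number {
    param([string]$Address)
    $ip = [ipaddress]$Address
    if ($ip.AddressFamily -ne 'InterNetwork') { throw "Not an IPv4 address: $Address" }
    $n = [long]0
    foreach ($b in $ip.GetAddressBytes()) { $n = $n * 256 + $b }   # bytes are in network order
    return $n
}

function ConvertTo-IPv4String {
    param([long]$Number)
    $octets = foreach ($shift in 24, 16, 8, 0) { ($Number -shr $shift) -band 255 }
    return ($octets -join '.')
}

function Format-Range {
    # A gap of one address is written as a single IP, otherwise as "low-high".
    param([long]$Low, [long]$High)
    if ($Low -eq $High) { return (ConvertTo-IPv4String $Low) }
    return ('{0}-{1}' -f (ConvertTo-IPv4String $Low), (ConvertTo-IPv4String $High))
}

function Get-BlockScope {
    # Returns every IPv4 range that is NOT in the allow-list.
    param([string[]]$AllowedAddress)
    $allowed = $AllowedAddress | ForEach-Object { ConvertTo-IPv4Number $_ } | Sort-Object -Unique
    $scope = [System.Collections.Generic.List[string]]::new()
    $next = [long]0                        # lowest address not yet covered
    foreach ($ip in $allowed) {
        if ($ip -gt $next) { $scope.Add((Format-Range $next ($ip - 1))) }
        $next = $ip + 1
    }
    if ($next -le 4294967295) { $scope.Add((Format-Range $next 4294967295)) }
    return $scope
}

# 193.2.4.17 is the address from the thread; pass more addresses to allow more hosts.
$scope = Get-BlockScope -AllowedAddress '193.2.4.17'

# The scope lists IPv4 ranges only, so this rule does not match IPv6 destinations.
New-NetFirewallRule -DisplayName 'Example: block outbound web except allow-list' `
    -Direction Outbound -Action Block -Protocol TCP -RemotePort 80, 443 `
    -RemoteAddress $scope
```
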
  • Hi Leon

    Thanks again. I followed your instructions and it works now.

    I am wondering if it is possible (with the built-in Windows Firewall) to block all HTTP and HTTPS traffic and add exclusions to DNS list like *.microsoft.com? In that case the firewall will block all HTTP and HTTPS traffic and allow access only to sites on *.microsoft.com?

    Can this be done with Windows Firewall or do we need a 3rd party solution?

    Best regards,

    Mike

    Friday, 20 September 2019 13:25
  • Hi Mike,

    If you want to achieve this via the built-in Windows Firewall, you need to know all the IP addresses of *.microsoft.com and then exclude those IP addresses.

    Best Regards,

    Leon



    Monday, 23 September 2019 03:22
  • Hi Leon

    Thanks again. Yes, you're right, but we have a list of servers that will need to be accessible all the time and this list is changing from time to time. So if we enter IP addresses we need to check from time to time if there are any new servers added or removed and then change this on the firewall, so adding a *.domain.com will be simpler. Do you know any other 3rd party firewall that we can install on the client that will give us this kind of feature?

    Regards,

    Mike

    Monday, 23 September 2019 06:30
  • Hi Mike,

    Yes, this is not a good method.

    And please note: This is a Windows forum where we don't evaluate or discuss third-party products.

    Besides, I don't know which third-party product can achieve your purpose.

    Best Regards,

    Leon



    Monday, 23 September 2019 06:53
  • Hi Leon

    Thanks!

    Regards,

    Mike

    Monday, 23 September 2019 07:23
  • You are welcome, Mike.

    And if the above reply helps you, please mark it as answer. This helps keep the forum active and helps people who have the same problem find answers faster.

    Best Regards,

    Leon



    Monday, 23 September 2019 09:17