firewall
lexalex1983, 2020-10-08 23:00:03

How to block traffic from one network to another through Windows Server 2019?

I tried through a firewall rule, specifying "Local IP address" and "Remote IP address", but it didn't help. Is there a normal firewall there, so that you can simply indicate:
from where - to where - and what to do with it? Or is there a firewall only for inside / from Windows itself?

2 answer(s)
Alexey Dmitriev, 2020-10-08
@SignFinder

Good question - I was stumped, and the labs are not at hand to look.
Transit traffic / routing with settings in Windows Server is controlled by the Remote Access (RRAS) role. You can install it and dig in.
But most likely you are right - "there is a firewall only for inside / from Windows itself".

mvv-rus, 2020-10-09
@mvv-rus

In addition to the built-in firewall (which handles local traffic by default), Windows has packet filters in RRAS. This is a more primitive tool: they can only block or allow all traffic except that specified in the exclusion list, they are configured for a specific interface, they work in only one direction (filters are separate for incoming and outgoing traffic), and they do not track sessions (though selective blocking of TCP connection packets is possible). But I think filters are enough to solve your problem.
Access to filter settings is in the properties of each interface in the General node for IP protocols (v4 and v6).
In your case, on the interface of each network, in the settings of the incoming filter, you should specify that you need to pass all traffic, except for traffic directed to another network (specify the address and mask of this network in the exceptions).
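
The inbound-filter setup described in the answer above, scripted with the `netsh routing ip` filter commands; this is an added example and not part of the original answer. It assumes the Remote Access role is installed with LAN routing enabled, and the interface names and subnets are constructed placeholders to replace with your own.

```powershell
# Added example: block routed traffic between two networks with RRAS input filters.
# Run from an elevated PowerShell session on the RRAS server.
# Interface names and subnets are constructed placeholders (names without spaces).
$networks = @(
    @{ Interface = 'LAN-A'; Address = '192.168.10.0'; Mask = '255.255.255.0' },
    @{ Interface = 'LAN-B'; Address = '192.168.20.0'; Mask = '255.255.255.0' }
)

foreach ($src in $networks) {
    $others = $networks | Where-Object { $_.Interface -ne $src.Interface }

    foreach ($dst in $others) {
        # Exception entry: packets arriving on this interface from its own
        # network and addressed to the other network.
        netsh routing ip add filter "name=$($src.Interface)" filtertype=input `
            "srcaddr=$($src.Address)" "srcmask=$($src.Mask)" `
            "dstaddr=$($dst.Address)" "dstmask=$($dst.Mask)" proto=any
        if ($LASTEXITCODE -ne 0) {
            throw "Could not add input filter on $($src.Interface)"
        }
    }

    # action=forward passes every packet that matches no listed filter,
    # so only the entries added above are dropped.
    netsh routing ip set filter "name=$($src.Interface)" filtertype=input action=forward
    if ($LASTEXITCODE -ne 0) {
        throw "Could not set filter action on $($src.Interface)"
    }

    # Print the resulting filter list for review.
    netsh routing ip show filter "name=$($src.Interface)"
}
```

Because the filters do not track sessions, the entry on each interface stops conversations in both directions, including replies to connections opened from the other side. Confirm the result from a host in each network, since the server's own local traffic is still governed by the built-in firewall.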
