System administration
Mad_runner, 2019-10-28 11:27:26

How to allow a program access only to a specific IP?

There is software that several users work with, and this software has a server part. Accordingly, on the server (Windows) there are shared files that the users work with. I need to configure the firewall (Windows) on the computers so that the software can connect to the server but cannot connect to the Internet or to other servers on the local network.
At the moment, I have done it this way: I set up an IPsec tunnel between the client and the server (via GPO); on the client, a firewall rule was created to allow a secure outgoing connection of this software only to a specific server, and on the server, correspondingly, the same rule for the incoming connection only.
Questions:
1. Is this a normal solution? (On the clients, the firewall is configured by default, i.e. all outgoing connections are allowed; can the program transmit something to the Internet with such settings?)
2. Are there any other options to solve this problem?
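
Question 1 turns on the client's default outbound action: while it is Allow, traffic that matches no rule is permitted, so an allow rule to the server does not by itself confine the program. The PowerShell below is an added example, not code from the thread; the program path and server address are constructed placeholders, `Get-ComplementRanges` is a hypothetical helper, and only IPv4 is covered.

```powershell
# Added example; run in an elevated PowerShell session on the client.
# Both values below are constructed placeholders, not taken from the thread.
$Program  = 'C:\Program Files\ExampleApp\client.exe'   # hypothetical path
$ServerIp = '192.0.2.10'                               # documentation address

# 1. Default outbound action per profile. Allow (or NotConfigured, which falls
#    back to the Windows default of Allow) means unmatched traffic is permitted.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction

# 2. Hypothetical helper: the IPv4 ranges covering every address except $Ip.
function Get-ComplementRanges([string]$Ip) {
    $bytes = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($bytes)                    # network order -> little-endian
    $n = [BitConverter]::ToUInt32($bytes, 0)
    $toIp = {
        param([uint32]$Value)
        $b = [BitConverter]::GetBytes($Value)
        [Array]::Reverse($b)
        ([System.Net.IPAddress]::new($b)).ToString()
    }
    $ranges = @()
    if ($n -gt 0)                  { $ranges += "0.0.0.0-$(& $toIp ($n - 1))" }
    if ($n -lt [uint32]::MaxValue) { $ranges += "$(& $toIp ($n + 1))-255.255.255.255" }
    $ranges
}

# 3. Outbound block rule scoped to the program and to everything but the server.
#    Because the server address is outside the blocked ranges, the existing
#    IPsec-secured allow rule to the server is unaffected.
New-NetFirewallRule -DisplayName 'ExampleApp - block all except server' `
    -Direction Outbound -Program $Program -Action Block -Profile Any `
    -RemoteAddress (Get-ComplementRanges $ServerIp)

# 4. Review what is now in force for the program.
Get-NetFirewallApplicationFilter -Program $Program |
    Get-NetFirewallRule |
    Select-Object DisplayName, Direction, Action, Enabled
```

Where IPv6 is enabled on the clients, a matching block rule for IPv6 remote addresses is needed as well.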


2 answer(s)
res2001, 2019-10-28
@res2001

Usually, if you need to protect some software from the local network as much as possible (or vice versa), you put the computers with this software into a separate IP subnet, and this subnet is placed in a separate VLAN. So that this subnet can still connect to the necessary resources, a closed firewall is configured at the border. In the firewall, allow rules are configured only for the necessary resources; the rest of the traffic is blocked. The firewall can be run on a virtual machine if you already have a virtual infrastructure deployed on your network.
I.e. you get a subnet within the local area network. Access to the subnet and back goes exclusively through an intermediate internal firewall.
