Re: Firewall issues on dual NIC server
- From: "Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx>
- Date: Mon, 23 Jun 2008 15:22:28 -0700
The firewall in Windows Vista and Server 2008 applies a single policy to the entire machine. The firewall/IPsec engine thinks at the IP layer, not at the NIC layer.
While I haven't tried this personally, here's a thought. Configure an inbound rule that permits all traffic from your internal subnet and another rule that permits only HTTP from all addresses.
--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
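The two-rule approach Steve describes above, as an added example that is not part of the original post or of Microsoft's documentation. It uses netsh advfirewall, the firewall management tool available on Windows Server 2008 (the PowerShell NetSecurity cmdlets such as New-NetFirewallRule only arrived with Server 2012). The internal subnet 192.168.1.0/24, the rule names and the assumption that the site listens on TCP 80 are all placeholders to be adjusted.

```powershell
# Added example, not from the original thread. Assumed values: the internal LAN
# is 192.168.1.0/24 (substitute your own subnet) and the web site is on TCP 80.
$InternalSubnet = '192.168.1.0/24'   # assumption: replace with the real LAN subnet

# Rule 1: allow any inbound traffic, but only when the source address is in the
# internal subnet. Because the firewall evaluates at the IP layer, scoping on
# the remote address is what separates "LAN" from "Internet" here, not the NIC.
# profile=any makes the rule apply whichever profile each adapter lands in.
netsh advfirewall firewall add rule `
    name="Allow all from internal subnet (added example)" `
    dir=in action=allow profile=any `
    remoteip=$InternalSubnet

# Rule 2: allow inbound HTTP from any address; this is the only service meant
# to be reachable over the Internet-facing NIC.
netsh advfirewall firewall add rule `
    name="Allow HTTP from anywhere (added example)" `
    dir=in action=allow profile=any `
    protocol=TCP localport=80 remoteip=any

# Rather than deleting the built-in Public-profile File and Printer Sharing
# rules (hard to undo later), disable them so they can be re-enabled if needed.
netsh advfirewall firewall set rule group="File and Printer Sharing" profile=public new enable=no

# Confirm the rules were created with the intended scope.
netsh advfirewall firewall show rule name="Allow all from internal subnet (added example)" verbose
netsh advfirewall firewall show rule name="Allow HTTP from anywhere (added example)" verbose
```

Two design notes. The keyword remoteip=localsubnet would be tempting, but on a dual-homed box it matches the subnets of both adapters, including the external router's, so an explicit internal range is the safer choice. And because every profile's default inbound action is block, anything not matched by these allow rules (or by other allow rules still enabled for the Public profile) stays closed; rerunning the external port scan after the change is the quickest way to confirm only port 80 remains reachable from outside.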
"Scott S." <ScottS@xxxxxxxxxxxxxxxx> wrote in message news:3B68E2FD-6A49-467A-8594-657D11E874A0@xxxxxxxxxxxxxxxx
I'd already looked at that.
In my Windows Server 2008 machine, it lists:
* Local area network
* Remote access
* Wireless
So it doesn't seem to help me when I want to apply the rules to only one of
two NICs, because they are both considered a LAN.
"Daniel Petri <MVP>" wrote:
First of all, are you sure you didn't delete any of the default FW rules? I
would restore to defaults by using the Windows FW with Advanced Security
context menu.
As for your question - each rule has an advanced tab. In it, you can click
on the Interfaces Customize button, and bingo.
--
Sincerely,
Daniel Petri
MVP, Senior IT consultant, trainer
www.petri.co.il
"Scott S." <ScottS@xxxxxxxxxxxxxxxx> wrote in message
news:16856728-3592-437B-9EF9-FF38BD21030F@xxxxxxxxxxxxxxxx
> I've just set up a new Windows Web Server 2008 machine.
> I installed the OS and joined it to my domain, set up some shared folders and
> copied some files on to it. I had it running really well on the LAN.
> Then I installed a 2nd NIC which I connected directly to our external router
> and assigned it a static internet IP.
> I could see the preliminary "under construction" website and things were
> looking good. I then ran a port scan on the external IP and it had lots of
> stuff open.
> I went into "Windows Firewall with Advanced Security" and found LOTS of
> rules to allow "Core Networking" and "File and Printer Sharing". The Core
> networking stuff looked fine, but the "File and Printer Sharing" definitions
> existed 3 times each, one for each profile "Private", "Domain", and "Public".
> So I removed the Public versions of each of those.
> Then the port scan only showed port 80 open ... again I thought all was well.
> But now I can no longer find that machine or access its shares from the LAN
> NIC!
> But it can get to the other machines on the LAN.
>
> Network and Sharing center shows the LAN NIC as a "Domain network" with
> "Local only" access and the Internet NIC as "Public network" with "Local
> and Internet" access. It also shows Network discovery as "Custom" and File
> sharing as "On".
>
> I tried turning the firewall off for the Private and Domain profiles, but it
> makes no difference. No matter what I try, and I've tried a lot, I get one
> of 3 things:
> 1) Nothing works
> 2) Everything works but leaves lots of open ports to the Internet
> 3) Internet access is perfect but inbound LAN access doesn't work, outbound
> ok.
>
> Does anybody know how to get the firewall to either guard just the Internet
> NIC, or how to have different rules for each NIC?