Specifying Network Profiles
Posted by Will Kruss on 01 June 2016 10:41 PM
Specify the network profiles (Domain, Public, Private) associated with Windows Firewall settings for your Windows servers. In Windows, if a server has an internal network adapter and an external network adapter and you make it a domain controller, Windows automatically makes both NICs part of the domain profile (which allows everything in the firewall restrictions). To stop this, we recommend that you keep your internal network adapter in the domain profile and make your external network adapter (the one that connects to the internet) a member of the public profile. To do this, go to the Windows Advanced Firewall and create a rule that blocks UDP on port 389 for the external subnet range (e.g. 203.143.x.x), both incoming and outgoing. This prevents Windows from resolving the NIC to a domain, so it marks the NIC as public.
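The rule pair described above, scripted in PowerShell as an added example (not part of the original article). The subnet and adapter name are placeholders, and scoping the rules by remote address is an assumption about how "for the external subnet range" is applied.

```powershell
# Added example, run from an elevated PowerShell session on the server.
# Placeholders: replace with your real external range and the adapter
# name shown by Get-NetAdapter.
$ExternalSubnet = '203.0.113.0/24'   # placeholder (documentation range)
$ExternalAlias  = 'External'         # hypothetical adapter name

# One block rule per direction. Inbound traffic is matched on the local
# port, outbound traffic on the remote port.
$rules = @(
    @{ DisplayName = 'Block UDP 389 inbound (external subnet)'
       Direction   = 'Inbound';  LocalPort  = 389 },
    @{ DisplayName = 'Block UDP 389 outbound (external subnet)'
       Direction   = 'Outbound'; RemotePort = 389 }
)

foreach ($rule in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Exists:  $($rule.DisplayName)"
        continue
    }
    # Assumption: the external range is applied as the remote address scope.
    New-NetFirewallRule @rule -Protocol UDP -Action Block -Profile Any `
        -RemoteAddress $ExternalSubnet | Out-Null
    Write-Host "Created: $($rule.DisplayName)"
}

# Show which profile each adapter is in. The internal NIC should report
# DomainAuthenticated and the external NIC should report Public.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# Flag the external adapter if it is still treated as a domain network.
$ext = Get-NetConnectionProfile -InterfaceAlias $ExternalAlias -ErrorAction SilentlyContinue
if ($ext -and $ext.NetworkCategory -eq 'DomainAuthenticated') {
    Write-Warning "$ExternalAlias is still in the domain profile; check the rule scope."
}
```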