Can you restrict access to ports via subnets in Windows Firewall??

[Guest]

Hi,

I have a client who has asked us to restrict incoming access to all ports
(be it ports currently listed in Windows Firewall, or new ports that may be
added later) to only the subnets that relate to their network. This is for
users with laptops/tablet PCs that may travel across the country and stay in
hotels.

I'm trying to find out if it is possible to set this up via Group Policy,
and also if it is possible to apply this setting on a global level to
encompass all current and future ports??

Any assistance is appreciated
Regards
Adam Galvin

 

[Miha Pihler [MVP]]

In general, I believe you could do this, either with IPSec filters or
Windows Firewall...

Can you write down more specifically what you need to work/block and under
what conditions?

 

[Guest]

Hi,

All the client has requested is that we apply a global policy (if possible)
that will block all incoming traffic on all ports, except for the subnets
that we specify. They would also like this policy to encompass the ports
that are currently listed within the SOE, as well as any new ports that may
be added at a later date.

 

[Miha Pihler [MVP]]

Hi Adam,

Yes, that is possible with e.g. IPSec policies. You can write these policies
and deploy them to clients using Group Policies.

Here is an article that goes in-depth on how to create these policies.

How to block specific network protocols and ports by using IPSec
http://support.microsoft.com/kb/813878

Let me know if you need more help with this.