We have a 2008 R2 server hosted in a data centre where we have no physical access but connect to it using RDP.
We plan to run SQL Server and some other services which should only be accessible to a limited number of static WAN IP addresses.
Unfortunately there is no Firewall Appliance at the perimeter so we only have Windows Firewall to rely upon.
The plan I have is to block everything inbound except those select whitelisted IP addresses.
After reading various articles about the MMC snap-in, Windows Firewall, IPsec, etc., I stumbled upon a post here: https://serverfault.com/a/51223/214935
This led me to believe that if I create a new inbound rule, perhaps called 'Global Whitelist', containing those specific/trusted IP addresses, and then disable all the other inbound rules, everything else would become blocked.
Frankly, it sounds like a plan but it honestly scares me because if I screw this up, I kill our only access to the server.
I wouldn't have posted a new question if I had been able to post a comment on the above thread but being new here, my reputation is too low 🙁
I simply need to clarify if the above should work or if perhaps I'll end up severing our only connection to the server.
Perhaps there is a better/cleaner/easier way to achieve the same results. Can anyone help?
Best Answer
2 inbound rules:
1) allow RDP restricted by external IPs (your whitelisted IPs)
2) block everything.
Verify in a test environment that desired effect is achieved, then drop in place. Mind you, this will not prevent those servers from making outbound connections to non-whitelisted machines due to the nature of stateful firewalls.
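As an added example (not from the question or the answer above), this is one way to put those two rules in place on 2008 R2 with netsh advfirewall; the IP addresses, backup path and rule names are placeholders. It uses the profile's default inbound action rather than an explicit block-all rule, because Windows Firewall applies explicit block rules ahead of allow rules, and it schedules a rollback so a mistake does not cost the only RDP session.

```powershell
# Added example: lock inbound traffic on a Windows Server 2008 R2 host down to a
# whitelist with netsh advfirewall (the New-NetFirewallRule cmdlets need 2012+).
# Run from an elevated PowerShell session. All values below are placeholders.

$whitelist = "203.0.113.10,198.51.100.0/24"   # placeholder: your static WAN IPs
$backup    = "C:\fw-before-lockdown.wfw"        # placeholder: policy backup file
$minutes   = 10                                  # rollback delay if you get locked out

# 1. Export the current policy so the change can be undone.
netsh advfirewall export "$backup" | Out-Null

# 2. One-shot rollback task. If you can still reach the server afterwards,
#    delete the task ("schtasks /Delete /F /TN FW-Rollback"); if you cannot,
#    it re-imports the exported policy and RDP comes back.
$runAt = (Get-Date).AddMinutes($minutes).ToString("HH:mm")
schtasks /Create /F /RU SYSTEM /SC ONCE /ST $runAt /TN "FW-Rollback" `
    /TR "netsh advfirewall import $backup"

# 3. Disable every existing inbound rule (e.g. the built-in "Remote Desktop
#    (TCP-In)" rule, which allows RDP from any address). Do this BEFORE adding
#    the whitelist rules so they are not disabled as well.
netsh advfirewall firewall set rule name=all dir=in new enable=no

# 4. Allow RDP (TCP 3389) only from the whitelisted remote addresses.
netsh advfirewall firewall add rule name="Global Whitelist - RDP" `
    dir=in action=allow protocol=TCP localport=3389 "remoteip=$whitelist"

# 5. Same scope for SQL Server's default port.
netsh advfirewall firewall add rule name="Global Whitelist - SQL" `
    dir=in action=allow protocol=TCP localport=1433 "remoteip=$whitelist"

# 6. "Block everything else" is the profile default inbound action, not an
#    explicit block rule: Windows Firewall evaluates block rules before allow
#    rules, so a block-all rule would also override the RDP rule above.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 7. Print the resulting rules so the remote-IP scope can be reviewed.
netsh advfirewall firewall show rule name="Global Whitelist - RDP"
netsh advfirewall firewall show rule name="Global Whitelist - SQL"
```

Test it first from a non-whitelisted address to confirm 3389 and 1433 are refused, then from a whitelisted one; only after that delete the rollback task.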