Outbound Firewall Rules on Windows Server 2008

windows-firewall

One of my clients has raised a requirement to implement outbound firewall rules on all their servers.

Current Environment
The environment is built on the AWS cloud. All the servers run the Windows Server 2008 Base and Windows Server 2008 R2 operating systems. All the servers have internet access and public IP addresses. The inbound traffic is controlled using the Amazon firewall.

Requirement
My client's requirement is to block all the outgoing traffic from all the servers except the application access to the Facebook app via a proxy server. To be more precise, the application traffic through a specified port should reach only the proxy server.

What I did
I created the following rules in the Windows Firewall.
Rule 1 -> App access -> Via port XXXX -> allowed only to the proxy server IP XXX.XXX.XXX.XXX/32
Rule 2 -> All other access -> Via the same port XXXX -> To be blocked to all IP addresses XXX.XXX.XXX.XXX/0

What was the result
When I apply this rule, the 'Deny Rule' takes priority and blocks all the access, thereby blocking the proxy server also. When I remove the deny rule, the outbound traffic flows to all IP addresses.

Solution I need
I need to block the outbound traffic on the specified port to all IP addresses except the proxy server's IP. How do I achieve this?

Please let me know your suggestions.

Best Answer

Go to your Allow rule and click "Properties". Go to the "Scope" tab and select "These IP Addresses" and enter your Remote IP in there. This should allow that rule to only work with the IP address(es) you specify.

You then need to change your default rule "Outbound Rules That Do Not Match a Rule" to deny outbound connections that don't match your rule for the appropriate zone (which I would assume is Public in this case). This will deny all outbound connections except for the one you've stated in your "Allow" rule.
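The same two steps from the answer, scripted so they can be applied consistently to every server. This is an added example, not code from the question or the answer; it uses `netsh advfirewall`, which ships with Windows Server 2008 and 2008 R2 (the `NetSecurity` PowerShell cmdlets only appeared in Server 2012). The port, proxy address, rule name and the assumption that the application uses TCP are placeholders to be replaced with the real values; the profile is Public, as the answer assumes.

```powershell
# Added example (not from the original post): scope an outbound Allow rule to the
# proxy's /32 and set the profile's default outbound action to Block, instead of
# adding an explicit Block rule on the same port. In Windows Firewall an explicit
# Block rule always overrides an Allow rule, which is why the question's Rule 2
# also cut off the proxy.
$AppPort   = 8443             # placeholder for the question's "port XXXX"
$ProxyIp   = '203.0.113.10'   # placeholder (TEST-NET-3) for the proxy server's IP
$RuleName  = 'AppToProxyOnly' # placeholder rule name, no spaces so netsh needs no quoting
$FwProfile = 'publicprofile'  # the answer assumes the Public zone; 'allprofiles' covers every zone

# Step 1: one outbound Allow rule whose Scope (remoteip) is only the proxy's /32.
# Delete any rule of the same name first so the script can be re-run safely;
# netsh prints "No rules match" on the first run, which Out-Null hides.
netsh advfirewall firewall delete rule name=$RuleName | Out-Null
netsh advfirewall firewall add rule name=$RuleName dir=out action=allow `
    protocol=TCP remoteport=$AppPort remoteip="$ProxyIp/32" enable=yes

# Step 2: default outbound action -> Block for the profile. netsh requires both the
# inbound and outbound values; blockinbound is the Windows default and inbound is
# already filtered by the AWS firewall. The value is quoted because an unquoted
# comma would make PowerShell pass two separate arguments.
netsh advfirewall set $FwProfile firewallpolicy "blockinbound,blockoutbound"

# Verify: the rule shows RemoteIP as the proxy's /32 and the profile reports
# "Firewall Policy  BlockInbound,BlockOutbound".
netsh advfirewall firewall show rule name=$RuleName
netsh advfirewall show $FwProfile | Select-String 'Firewall Policy'
```

Once the default outbound action is Block, everything not covered by an Allow rule stops, including DNS, time synchronisation and Windows Update, so any such traffic the servers still need has to get its own scoped Allow rule before the profile default is switched. Established inbound sessions such as RDP are unaffected, because their replies are matched by state rather than by outbound rules.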