Windows Server Firewall: Block All Incoming Traffic Except from Domain Members

firewall, networking, tcp, udp, windows

I want to secure a Remote Desktop server farm (running on Windows Server 2019). I run multiple servers with different roles (such as Active Directory, Connection Broker, RD Gateway, …).

Now I want to set up the firewall so that only port 443 of the RD Gateway is available from the internet. All other servers should be unavailable.

My idea was to create a firewall rule that blocks all incoming traffic except from the computers which are members of the domain – but I don't know how to realize that.

Things I DON'T want:

  • Allow all incoming traffic from the domain members – the default Windows Firewall rules should persist

  • Manually specify all IP addresses which should be allowed to access the servers

  • Delete all preset firewall rules and set all rules manually per protocol, port and IP

I hope you can help me out with this.

Best Answer

For IPv4 there is an easy solution: add firewall rules that block all incoming connections from any IP address range that is not in your segment.

You may need to add two rules for the ranges. One for 1.1.1.1 up to your IP segment, and another for the IP following your segment and up to the end of the Internet.
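The two "everything outside my segment" ranges from the answer can be derived from the segment's CIDR and turned into inbound block rules with PowerShell. The script below is an added example, not the answer's or Microsoft's code; the segment `10.0.1.0/24`, the rule names and the `-Apply`/`-GatewayTcpPort` parameters are assumptions for illustration. It starts the lower range at 1.0.0.0 rather than the answer's 1.1.1.1 so the rest of that /8 is covered as well, and it omits a range when the segment already touches the start or end of the address space. Because Windows Firewall evaluates block rules before allow rules, the preset allow rules stay in place and still work for the trusted segment; on the RD Gateway, pass `-GatewayTcpPort 443` so the block rules leave that one TCP port reachable from the internet.

```powershell
# Added example (not from the original post): derive the IPv4 ranges outside a
# trusted segment and create inbound block rules for them. Run elevated.
# Assumptions: segment given as network/prefix; run without -Apply first (dry run).
param(
    [string]$Segment = '10.0.1.0/24',  # placeholder: your trusted IPv4 segment
    [int]$GatewayTcpPort = 0,          # e.g. 443 on the RD Gateway; 0 = block every port
    [switch]$Apply                     # without -Apply the script only prints the rules
)

# Convert dotted-quad <-> unsigned integer (network byte order is big-endian).
function ConvertTo-UInt32 ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)
    return [BitConverter]::ToUInt32($b, 0)
}
function ConvertFrom-UInt32 ([uint32]$N) {
    $b = [BitConverter]::GetBytes($N)
    [Array]::Reverse($b)
    return ([System.Net.IPAddress]::new($b)).ToString()
}

$net, $prefix = $Segment.Split('/')
$size  = [int64]1 -shl (32 - [int]$prefix)           # number of addresses in the segment
$netInt = [int64](ConvertTo-UInt32 $net)
$first = $netInt - ($netInt % $size)                  # network address (host bits cleared)
$last  = $first + $size - 1                           # broadcast address

# Build the "below" and "above" ranges; skip one if the segment touches the edge.
$ranges = @()
if ($first -gt [int64](ConvertTo-UInt32 '1.0.0.0')) {
    $ranges += @{ Name = 'Block inbound below trusted segment'
                  Range = "1.0.0.0-$(ConvertFrom-UInt32 ([uint32]($first - 1)))" }
}
if ($last -lt [int64][uint32]::MaxValue) {
    $ranges += @{ Name = 'Block inbound above trusted segment'
                  Range = "$(ConvertFrom-UInt32 ([uint32]($last + 1)))-255.255.255.255" }
}

foreach ($r in $ranges) {
    # Common parameters for every rule created for this range.
    $common = @{ Direction = 'Inbound'; Action = 'Block'; Profile = 'Any'
                 Enabled = 'True'; RemoteAddress = $r.Range }
    if ($GatewayTcpPort -eq 0) {
        # Plain case: block every protocol and port from the range.
        Write-Host "$($r.Name): $($r.Range)"
        if ($Apply) { New-NetFirewallRule -DisplayName $r.Name @common | Out-Null }
    } else {
        # Gateway case: block all TCP ports except the gateway port, and all UDP.
        $tcpPorts = @()
        if ($GatewayTcpPort -gt 1)     { $tcpPorts += "1-$($GatewayTcpPort - 1)" }
        if ($GatewayTcpPort -lt 65535) { $tcpPorts += "$($GatewayTcpPort + 1)-65535" }
        Write-Host "$($r.Name) (TCP except $GatewayTcpPort, all UDP): $($r.Range)"
        if ($Apply) {
            New-NetFirewallRule -DisplayName "$($r.Name) (TCP)" -Protocol TCP `
                -LocalPort $tcpPorts @common | Out-Null
            New-NetFirewallRule -DisplayName "$($r.Name) (UDP)" -Protocol UDP @common | Out-Null
        }
    }
}
```

Run it once without `-Apply` and read the printed ranges before creating anything: a mistyped prefix length produces ranges that lock you out of your own segment, so keep a console or out-of-band session open while applying. The rules gate on source address only, not on domain membership, which is what the answer's approach offers; verify the result with `Get-NetFirewallRule -DisplayName 'Block inbound*' | Get-NetFirewallAddressFilter`.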