

Windows Firewall. Internet and Intranet Predefined set of computers.

Question

Monday, September 16, 2013 2:45 PM | 4 votes

Hi

Can you please explain what these sets mean according to the firewall?

Is there any documentation?

Thanks!

Love is patient, ...

All replies (6)

Wednesday, September 18, 2013 9:17 AM

Hi,

I failed to find a document explaining all these options, but here is an article that provides some instructions. Hope it will help:
http://www.windowsecurity.com/articles-tutorials/firewalls_and_VPN/Windows-Server-2008-Firewall-Advanced-Security-Part1.html

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Specifically it mentioned "The Predefined set of computers option allows you to select from a number of infrastructure servers, such as DHCP, DNS, WINS and default gateway, so that machines that can’t authenticate can be exempted from authenticating with these infrastructure servers."

TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected].


Monday, September 23, 2013 11:47 AM

Is there any progress? Please just let us know.



Tuesday, September 24, 2013 12:58 PM

Looks like "Intranet" means all subnets of your AD Sites. And "Internet" is the opposite of an "Intranet". Couldn't figure out what "Remote Corp Network" and "PlayTo Renderers" mean. Thanks.

Love is patient, ...


Wednesday, August 13, 2014 1:36 AM

Looks like "Intranet" means all subnets of your AD Sites. And "Internet" is the opposite of an "Intranet". Couldn't figure out what "Remote Corp Network" and "PlayTo Renderers" mean. Thanks.

Love is patient, ...

Doesn't appear so. I am still getting traffic passing through my firewall from a subnet that I have removed from AD Sites. :( I've looked everywhere for an answer to this, but no go. Does anyone know?


Friday, August 15, 2014 11:05 PM

I'm looking for an answer to this very question as well.  Surely the meaning of the predefined sets must be defined somewhere.


Tuesday, November 10, 2015 5:37 PM

I also have not been able to find any documentation for the Internet and Intranet predefined set of computers in Windows Firewall with Advanced Security.

I've done some tests in a network that has the following zones and network subnets:

  • LAN - 192.168.1.0/24
  • DMZ - 192.168.2.0/24
  • WLAN - 192.168.3.0/24
  • WAN - public Internet addresses

The corporate firewall allows ping from LAN to all other zones.

On a Windows 8.1 or Windows 10 PC connected to the LAN subnet you do the following in Windows Firewall with Advanced Security:

  If you create an outbound rule that blocks ping (ICMPv4) and has the remote scope = Internet,
    then the PC cannot ping the hosts in the WAN zone as well as hosts on the DMZ subnet and WLAN subnet, while it can ping hosts on the LAN subnet.

  If you create an outbound rule that blocks ping (ICMPv4) and has the remote scope = Intranet,
    then the PC cannot ping the hosts on the LAN subnet, while it can ping all other subnets.

So, from that test I'd say that for WFAS the Intranet is actually the local subnet while the Internet means "all subnets except the local subnet".

-- rpr.
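
The test described in the post above, scripted in PowerShell as an added example (not part of the original post). The probe addresses and the rule display name are constructed placeholders; the script takes a baseline first so that a failed ping under a rule can be told apart from a host that was never reachable.

```powershell
#Requires -RunAsAdministrator
# Added example: checks which remote hosts an outbound block rule scoped to
# the "Internet" or "Intranet" keyword actually covers on this machine.

# Constructed probe hosts, one per zone from the post. Replace with real hosts.
$probes = [ordered]@{
    'LAN'  = '192.168.1.10'
    'DMZ'  = '192.168.2.10'
    'WLAN' = '192.168.3.10'
    'WAN'  = '203.0.113.10'   # documentation range, substitute a reachable public host
}

function Test-Probes {
    param([string]$Label)
    foreach ($zone in $probes.Keys) {
        [pscustomobject]@{
            Rule        = $Label
            Zone        = $zone
            Target      = $probes[$zone]
            PingAllowed = Test-Connection -ComputerName $probes[$zone] -Count 2 -Quiet
        }
    }
}

function Test-ScopeKeyword {
    param([ValidateSet('Internet', 'Intranet')][string]$Keyword)

    # Hypothetical display name, used only to find and remove the rule again.
    $name = "ScopeTest - block ICMPv4 echo to $Keyword"
    New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $Keyword | Out-Null
    try {
        Test-Probes -Label "Block $Keyword"
    }
    finally {
        # Always remove the temporary rule, even if a probe throws.
        Remove-NetFirewallRule -DisplayName $name
    }
}

# Baseline with no test rule, then one pass per keyword.
$results  = @(Test-Probes -Label 'Baseline')
$results += Test-ScopeKeyword -Keyword 'Internet'
$results += Test-ScopeKeyword -Keyword 'Intranet'
$results | Format-Table -AutoSize
```

A zone whose PingAllowed value changes from True in the baseline to False under a keyword is one that keyword covers on this machine.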