Networking

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Hyper-V: Add ICMP to Stateful ACL rules

    Currently you cannot add stateful ACL rules (on a Hyper-V Virtual Switch) on the ICMP protocol.

    This leaves you to either open ICMP to everyone or close ICMP to everyone including the VM itself.

    Neither is secure or practical for such an important and basic functionality (ping).

    Doc: https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v-virtual-switch/create-security-policies-with-extended-port-access-control-lists#bkmk_stateful

    So the request is simple: Create the functionality to create ICMP stateful rules.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  2. Fix default NPS firewall rules for Server 2019

    Hi all,

    I understand there is an issue with Windows Server 2019/Windows 10 1809 however I was wondering if Microsoft are aware of any problems regarding the Firewall rather than the systems handling of user files.

    Recently I setup a Server 2019 VM (1.5GB Dynamic RAM, 2 Allocated Cores, 36GB Drive space, 3GB NIC Team) and installed the NPS and RDS Gateway role onto it however I noticed that despite the NPS role adding the standard firewall rules for port 1813 and 1812 they do not seem to be working.

    I have confirmed that with an exception allowing port 1812…

    85 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  3. [Bug] Server 2019, firewall logging injects NULL bytes into file "pfirewall.log"

    When firewall logging is activated, the resulting "pfirewall.log" gets a string of about 955,868 null bytes inserted into it. The actual log line entries are there, along with 900K of null's. OS seems to fixated on making a minimum size file. Big bug somewhere.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  4. Remove Network Location Awareness from Windows Server

    Remove Network Location Awareness from Windows Server, all it does is cause problems. There is no reason to include this service in Windows Server, servers have static network settings, people do not consistently move servers to different networks. Network Location Awareness service fails way to often on reboots to find the proper network it should connect to. It then assigns the incorrect Windows Firewall to the NIC. This services needs to be removed, or we need the ability to set a static location (Domain).

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  5. Windows Firewall does not always display the correct default Main Mode IPsec policy

    Bug:

    The Windows Firewall snap-in does not always show the default Main Mode IPsec policy, it shows whatever MM policy was last created or assigned.

    Expected Behavior:

    Even if there are multiple Main Mode policies (called Main Mode Crypto Sets internally), the policy with the name of '{E5A5D32A-4BCE-4e4d-B07F-4AB1BA7E5FE1}' should always be displayed as the default in the GUI because it is the default used by Windows for IPsec.

    Steps to Reproduce:

    *In the Windows Firewall snap-in you can see the current default IPsec Main Mode proposal set by going to Properties of the Windows Firewall > IPsec Settings tab >…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  6. Cannot create IKEv2 tunnel mode IPsec rules in PowerShell, but IKEv1 works just fine

    Bug:

    When creating an IPsec rule which uses the IKEv2 keying module in PowerShell, an error is thrown, but it is not likely a PowerShell error, but an underlying bug in Windows.

    Expected Behavior:

    We should be able to manage IKEv2 IPsec rules however we wish, including creating tunnel mode IKEv2 rules without using RRAS.

    Steps To Reproduce:

    In PowerShell, the following code should work (notice the KeyModule):

    -------start---------
    $P1MachineCertOnly = New-NetIPsecPhase1AuthSet -Default <rest of command not shown>

    $IPsec3Tunnel = @{

    IPsecRuleName = &#39;IPsec3&#39;
    
    DisplayName = &#39;IPsec3&#39;
    KeyModule = &#39;IKEv2&#39;
    Mode = &#39;Tunnel&#39;
    LocalAddress = &#39;192.168.1.0/24&#39;
    LocalTunnelEndpoint = &#39;192.168.1.204&#39;
    RemoteAddress
    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  7. Can you add analogue fail2ban (in linux) to windows server firewall?

    It't ve cool has an tools in OS firewall, that can ban bruteforce RDP or other port.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base