Networking
-
Hyper-V: Add ICMP to Stateful ACL rules
Currently you cannot add stateful ACL rules (on a Hyper-V Virtual Switch) on the ICMP protocol.
This leaves you to either open ICMP to everyone or close ICMP to everyone including the VM itself.
Neither is secure or practical for such an important and basic functionality (ping).
So the request is simple: Create the functionality to create ICMP stateful rules.
7 votes -
Fix default NPS firewall rules for Server 2019
Hi all,
I understand there is an issue with Windows Server 2019/Windows 10 1809 however I was wondering if Microsoft are aware of any problems regarding the Firewall rather than the systems handling of user files.
Recently I setup a Server 2019 VM (1.5GB Dynamic RAM, 2 Allocated Cores, 36GB Drive space, 3GB NIC Team) and installed the NPS and RDS Gateway role onto it however I noticed that despite the NPS role adding the standard firewall rules for port 1813 and 1812 they do not seem to be working.
I have confirmed that with an exception allowing port 1812…
85 votes -
[Bug] Server 2019, firewall logging injects NULL bytes into file "pfirewall.log"
When firewall logging is activated, the resulting "pfirewall.log" gets a string of about 955,868 null bytes inserted into it. The actual log line entries are there, along with 900K of null's. OS seems to fixated on making a minimum size file. Big bug somewhere.
1 vote -
Remove Network Location Awareness from Windows Server
Remove Network Location Awareness from Windows Server, all it does is cause problems. There is no reason to include this service in Windows Server, servers have static network settings, people do not consistently move servers to different networks. Network Location Awareness service fails way to often on reboots to find the proper network it should connect to. It then assigns the incorrect Windows Firewall to the NIC. This services needs to be removed, or we need the ability to set a static location (Domain).
6 votes -
Windows Firewall does not always display the correct default Main Mode IPsec policy
Bug:
The Windows Firewall snap-in does not always show the default Main Mode IPsec policy, it shows whatever MM policy was last created or assigned.
Expected Behavior:
Even if there are multiple Main Mode policies (called Main Mode Crypto Sets internally), the policy with the name of '{E5A5D32A-4BCE-4e4d-B07F-4AB1BA7E5FE1}' should always be displayed as the default in the GUI because it is the default used by Windows for IPsec.
Steps to Reproduce:
*In the Windows Firewall snap-in you can see the current default IPsec Main Mode proposal set by going to Properties of the Windows Firewall > IPsec Settings tab >…
7 votes -
Cannot create IKEv2 tunnel mode IPsec rules in PowerShell, but IKEv1 works just fine
Bug:
When creating an IPsec rule which uses the IKEv2 keying module in PowerShell, an error is thrown, but it is not likely a PowerShell error, but an underlying bug in Windows.
Expected Behavior:
We should be able to manage IKEv2 IPsec rules however we wish, including creating tunnel mode IKEv2 rules without using RRAS.
Steps To Reproduce:
In PowerShell, the following code should work (notice the KeyModule):
-------start---------
$P1MachineCertOnly = New-NetIPsecPhase1AuthSet -Default <rest of command not shown>$IPsec3Tunnel = @{
…IPsecRuleName = 'IPsec3'
DisplayName = 'IPsec3'
KeyModule = 'IKEv2'
Mode = 'Tunnel'
LocalAddress = '192.168.1.0/24'
LocalTunnelEndpoint = '192.168.1.204'
RemoteAddress5 votes -
Can you add analogue fail2ban (in linux) to windows server firewall?
It't ve cool has an tools in OS firewall, that can ban bruteforce RDP or other port.
3 votes
- Don't see your idea?