Using the Windows Server 2008 firewall to control VPN connection permissions

Source: Internet
Author: User
Tags: firewall

To keep network costs as low as possible without getting in the way of mobile working, an organization decided to install a VPN server on the file server in its local area network. Trusted employees can then connect over the VPN from anywhere and access the important data on the organization's file server, and the security of this access is also assured, so it kills two birds with one stone. Recently the organization stored a series of very important files on the VPN server, and its managers want only one particular employee to be able to access these files over the VPN connection, with no access for any other employee. How can such a requirement be met? There are several ways to do this; however, on a VPN server running Windows Server 2008, we can use the Windows Firewall with Advanced Security built into the system to achieve more flexible control.

Implementation idea

As we know, once a VPN server is installed and configured on Windows Server 2008, any VPN client system on the Internet can reach the server's data through port 1723 on the VPN server. It follows that if we control port 1723 on the VPN server, we can ensure that only the specified employee has access to the important files on it. Windows Server 2008 provides the Windows Firewall with Advanced Security feature, which lets us define inbound and outbound rules for access to the VPN server as needed, and these rules let us authenticate network connections. In this way we can easily grant VPN connection permission to the organization's specific trusted employees; we can even set access rules so that only a specified VPN client system can reach the VPN server, keeping the important data on the VPN server secure.

Control access

To allow only users with a specified account to access the important data on the VPN server, we can authorize specific account names to enter the VPN server and access its resources through port 1723 on Windows Server 2008. The steps are as follows:

First, log on to the Windows Server 2008 system as a system administrator, click Start / Programs / Administrative Tools / Server Manager on the desktop, and then select the Configuration / Windows Firewall with Advanced Security branch in the Server Manager window that opens;

Second, under that branch, click the Inbound Rules node, and in the Actions list to the right of it, click the New Rule button to open the New Inbound Rule Wizard;

Figure 1 Choosing a protocol port

When the wizard asks what type of rule to create, select the Port option so that Windows Server 2008 authenticates the packets arriving on the VPN connection port, then click Next to open the wizard page shown in Figure 1. On that page, select the TCP option, select the Specific local ports option, and enter 1723, the default port of the VPN server, in the corresponding text box;

Figure 2 Wizard Setup Interface
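
The same inbound rule can be created from the command line with netsh. This is an added example, not part of the original article: the account name and rule name are hypothetical, and it assumes IPsec connection security rules already authenticate the client, because a rule with security=authenticate only matches traffic that IPsec has authenticated.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on the VPN server. Account and rule names below are hypothetical.
param(
    [string]$Account  = 'CONTOSO\vpn-user',          # hypothetical authorized account
    [string]$RuleName = 'VPN-1723-authorized-user'   # hypothetical rule name
)

# Stop at the first error, so an unresolvable account never reaches netsh.
$ErrorActionPreference = 'Stop'

# Resolve the account name to its SID; netsh takes users as an SDDL string,
# not as DOMAIN\name.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# SDDL DACL holding a single allow ACE for that SID.
$sddl = "D:(A;;CC;;;$sid)"

# Inbound TCP 1723, allowed only for authenticated connections from that user.
# security=authenticate is required whenever rmtusrgrp is specified.
& netsh advfirewall firewall add rule "name=$RuleName" dir=in action=allow `
    protocol=TCP localport=1723 security=authenticate "rmtusrgrp=$sddl"
if ($LASTEXITCODE -ne 0) {
    Write-Error 'netsh failed to add the rule'
}

# Print the stored rule so the port, security setting and authorized user
# can be checked against what was intended.
& netsh advfirewall firewall show rule "name=$RuleName" verbose
```

An allow rule does not by itself shut out other users: any other enabled inbound rule that allows TCP 1723 still admits them, so review those rules as well.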
