Windows R2 IP Security policy settings

Source: Internet
Author: User
Tags: domain name server, file transfer protocol

Press Win+R, type secpol.msc and press Enter to open the Local Security Policy console.

In the left pane, click IP Security Policies on Local Computer.

Right-click and choose Create IP Security Policy.

Click Next, fill in the name and description, click Next through the remaining pages, then Finish.

Double-click the entry you just created to open the properties of the server security policy.

Click Add to create a new rule.

Click Add again to add a filter list. We name this one Close; it is used to match (and later block) all ports. Click Add; you can step through the settings with the wizard, and the defaults are what we want:

(Mirrored; source address: Any IP Address; destination address: Any IP Address; protocol type: Any; ...)

Finish, confirm the filter list, and in the new rule's properties select the Close list you just created.

Click the Filter Action tab to set the filter action.

Click Add to add a filter action. Use the wizard to create it (name: Close, action: Block, Finish), then select the action you just added.

Click the Connection Type tab and choose the connection type. Here we generally select either All network connections or Remote access. Because our company's servers sit together on a LAN, and we want the LAN machines to be able to reach any port, we usually choose Remote access; of course we can also restrict All network connections. You can also specify an IP address or IP range on the Tunnel Setting tab behind an open port or an open network, but because I often fail to set the IP range correctly, I can only ask anyone who needs that to look up the tunnel setup documentation.

Click Apply and then OK. What we have set up so far blocks every port on our computer, so the next step is to add a rule that opens the ports that need to be used. Of course, because we have not yet assigned the policy, it has not taken effect yet.

Next we add another rule in the security policy properties:

Name it Open and add an IP filter list.

In the IP filter list, use Add to add the ports we need to open. Here I use the usual port 80 as an example to briefly write down the process.

Click Add in the IP Filter List window and add the filter using the Add Wizard:

Description: Web

Mirrored: (you can tick Mirrored here; after all, in our projects we sometimes need to call other people's web services or open some web pages to look at material)

Source address: Any IP Address

Destination address: My IP Address

Protocol type: TCP

Set the IP protocol port:

From any port to this port (80)

Adding is complete. (You can keep adding ports for other services according to your needs; at the end of the article I list some common ports.)

Confirm the IP filter list and, in the new rule window, select the list you just created.

Click the Filter Action tab.

Add a new filter action:

Name: Open; action: Permit

Finish creating the filter action and select the filter action you just created.

Click the Connection Type tab to set the connection type for the open ports (All network connections is generally selected here).

That basically covers it. To complete the local security policy setup, you only need to right-click your own policy in the IP Security Policies list and choose Assign.
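The same policy the steps above build by hand, as an added example that is not part of the original post: the legacy netsh ipsec static context edits the same IP Security Policy store that secpol.msc does, so the script reproduces the Close and Open rules line by line and only assigns the policy at the end. The policy, list, action and rule names, and the extra RDP and outbound-web filters, are my assumptions, not the page's.

```powershell
# Added example, not from the original post. Run from an elevated prompt on the server.
# Names (Server-Lockdown, Close, Open, Close-All, Open-Ports) are chosen here, not from the page.

# 1. Policy container (equivalent of "Create IP Security Policy" in secpol.msc)
netsh ipsec static add policy name="Server-Lockdown" description="Block all ports, then open selected ones"

# 2. Filter list "Close": any IP <-> any IP, any protocol, mirrored (the page's default wizard settings)
netsh ipsec static add filterlist name="Close" description="Match all traffic"
netsh ipsec static add filter filterlist="Close" srcaddr=any dstaddr=any protocol=any mirrored=yes

# 3. Filter action "Close": block
netsh ipsec static add filteraction name="Close" action=block

# 4. Rule tying list and action together; conntype=all is "All network connections" in the GUI
netsh ipsec static add rule name="Close-All" policy="Server-Lockdown" filterlist="Close" filteraction="Close" conntype=all

# 5. Filter list "Open": TCP from any port on any address to port 80 on this host, mirrored.
#    mirrored=yes adds the reverse filter (this host, port 80 -> any), which covers the replies
#    to inbound web requests. Outbound requests from this host to other servers' port 80 do not
#    match it and get their own filter below.
netsh ipsec static add filterlist name="Open" description="Ports to leave reachable"
netsh ipsec static add filter filterlist="Open" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=80 mirrored=yes description="Web"
netsh ipsec static add filter filterlist="Open" srcaddr=me dstaddr=any protocol=tcp srcport=0 dstport=80 mirrored=yes description="Outbound web"
# Assumption: the server is administered over RDP. Add it BEFORE assigning, or the Close rule
# cuts off your own management session.
netsh ipsec static add filter filterlist="Open" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=3389 mirrored=yes description="RDP"

# 6. Filter action "Open": permit, and the rule that uses it
netsh ipsec static add filteraction name="Open" action=permit
netsh ipsec static add rule name="Open-Ports" policy="Server-Lockdown" filterlist="Open" filteraction="Open" conntype=all

# 7. Review the whole policy, then assign it (nothing is enforced until a policy is assigned)
netsh ipsec static show policy name="Server-Lockdown" level=verbose
netsh ipsec static set policy name="Server-Lockdown" assign=y
```

Only one IP Security policy can be assigned at a time, and `netsh ipsec static set policy name="Server-Lockdown" assign=n` backs the change out if a needed port was missed.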

List of common ports:

Port 21: primarily used for the FTP (File Transfer Protocol) service.
Port 23: primarily used for the Telnet (remote login) service, a common login and terminal emulation service on the Internet.
Port 25: open for SMTP (Simple Mail Transfer Protocol) servers, primarily for sending mail; today most mail servers use this protocol.
Port 53: open for the DNS (Domain Name Server) service, mainly used for domain name resolution; the DNS service is the most widely used on NT systems.
Ports 67, 68: open for the Bootstrap Protocol server and Bootstrap Protocol client respectively, for the BOOTP service.
Port 69: open for the TFTP (Trivial File Transfer Protocol) service. TFTP is a simple file transfer protocol developed by Cisco, similar to FTP. Compared with FTP, however, TFTP has no complex interactive access interface or authentication control, which makes it suitable for data transfer between clients and servers that do not need a complex exchange environment.
Port 79: open for the finger service, mainly used to query a remote host's logged-on users, operating system type and other user details.
Port 80: open for HTTP (Hypertext Transfer Protocol), the protocol most used when browsing the Internet, primarily for transmitting information on the WWW (World Wide Web) service.
Port 99: used for a service called "Metagram Relay"; the service is relatively rare and generally not used.
Ports 109, 110: port 109 is open for the POP2 (Post Office Protocol Version 2) service, port 110 for the POP3 (Post Office Protocol Version 3) service; POP2 and POP3 are mainly used to receive mail.
Port 111: open for Sun's RPC (Remote Procedure Call) service, primarily for inter-process communication between different computers in a distributed system; RPC is an important component of many network services.
Port 113: primarily used for the Windows "Authentication Service".
Port 119: open for the "Network News Transfer Protocol" (NNTP).
Port 135: primarily used by the RPC (Remote Procedure Call) protocol and provides the DCOM (Distributed Component Object Model) service.
Port 137: primarily used for the NetBIOS Name Service.
Port 139: provided for the "NetBIOS Session Service", primarily used to provide Windows file and printer sharing and the Samba service on UNIX.
Port 143: primarily used for the "Internet Message Access Protocol" V2 (IMAP).
Port 161: used for the "Simple Network Management Protocol" (SNMP).
Port 443: a web browsing port, primarily for the HTTPS service; it is HTTP provided over a secure port with encryption.
Port 554: used by default for the "Real Time Streaming Protocol" (RTSP).
Port 1024: generally not assigned to a fixed service; the explanation in English is "Reserved".
