[Windows Server 2008] IP Security Policy Throttling port method

★ Welcome to The Guardian God · V Classroom, website address: http://v.huweishen.com
★ Guardian God · V Classroom is a Web site dedicated to providing server instructional video for the Guardian God, updated weekly video.
★ This section we will lead you: Limit 1433 port security policy
Using security policy to restrict ports has more flexible throttling rules than Windows comes with firewalls.
This section demonstrates allowing only specific remote servers to access the local 1433 port (SQL Server service).
Operation Idea: Prohibit all users to access 1433 port, only allow individual IP access. (Security policy allows greater precedence than forbidden.)
Check

1. Add the "IP Filtering" rule
IP filtering rules are used to set which IPs need to be limited.
Open "Administrative Tools", click "Local Security Policy", select "IP security Policy, local computer"
Right-click menu, select "Manage IP filter lists and filter actions"
1) First add a "All IP" access 1433 port rule, Name: Disable all IP access 1433
2) Add a "specific IP" to access the 1433 port rule, Name: Allow specific IP access 1433

2. Add "filter action" rule
The filter action complements the IP filtering rules to clarify whether the IP that has been restricted is released or intercepted.
In the "IP Security Policy, local computer", right-click menu, select "Manage IP filter lists and filter actions"
, select "Manage Filter Actions"
Set up two rules, one release, one intercept.

3. Create an "IP security Policy" entry
Once the IP filtering and operation rules have been created, we now need to combine these rules together.
An "IP security policy" is a container that contains these rules.
In the "IP Security Policy, on local computer", right-click menu, select "Create IP Security Policy", Name: Guardian God IP
Strategy

4. Add IP filtering rules to IP Security policy
1) Add the filter rule "Disable all IP access 1433" and select the interception mode.
2) Add the filter rule "Allow specific IP access 1433" and select release mode.

Once the filter rules have been added, enabling the security policy will take effect.

If you also need more restrictive rules, first set up IP filtering rules according to process 1, and then add to the IP security policy according to process 4
"Entry.

Now that this section is over, please visit the Guardian God website (www.huweishen.com) for more instructional videos.

Reprint please indicate the source (http://v.huweishen.com/video/57.html) Thank you!

[Windows Server 2008] IP Security Policy Throttling port method