
Windows Server 2008 R2 : DirectAccess Scenario (part 2) - Using a GPO to Configure Firewall Rules & Custom Certificate Template for IP-HTTPS

3/20/2011 10:29:40 PM

Using a GPO to Configure Firewall Rules

The next step is to create and enable firewall rules for ICMPv4 and ICMPv6 traffic. Teredo-based DirectAccess clients must be able to send and receive ICMP messages to have connectivity, and Teredo is needed if the DirectAccess clients will be behind a NAT.

The ICMP firewall rules will be deployed with a GPO named “DirectAccess Group Policy Object.” To create and enable firewall rules for ICMPv4 and ICMPv6 traffic, execute the following steps:

1. On the domain controller DC1, launch Server Manager.
2. Expand Features, Group Policy Management, Forest: companyabc.com, Domains, and select companyabc.com.
3. In the console tree, right-click the domain companyabc.com and select Create a GPO in the Domain and Link It Here.
4. Enter the name DirectAccess Group Policy Object and then click OK.
5. Right-click the DirectAccess Group Policy Object and select Edit.
6. In the console tree of the Group Policy Management Editor, expand Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security, and select Windows Firewall with Advanced Security.
7. In the console tree, select and then right-click Inbound Rules, and then click New Rule.
8. On the Rule Type page, click Custom, and then click Next and Next.
9. On the Protocols and Ports page, for Protocol Type, select ICMPv4, and then click Customize.
10. In the Customize ICMP Settings dialog box, click Specific ICMP Types, select Echo Request, and then click OK.
11. Click Next, Next, Next, and Next.
12. On the Name page, in the Name field, type Inbound ICMPv4 Echo Requests, and then click Finish.
13. In the console tree, right-click Inbound Rules, and then click New Rule.
14. On the Rule Type page, click Custom, and then click Next and Next.
15. On the Protocols and Ports page, for Protocol Type, select ICMPv6 (shown in Figure 2), and then click Customize.

Figure 2. ICMPv6 inbound firewall rule.

16. In the Customize ICMP Settings dialog box, click Specific ICMP Types, select Echo Request, and then click OK.
17. Click Next, Next, Next, and Next.
18. On the Name page, in the Name field, type Inbound ICMPv6 Echo Requests, and then click Finish.
19. In the console tree, right-click Outbound Rules, and then click New Rule.
20. On the Rule Type page, click Custom, and then click Next and Next.
21. On the Protocols and Ports page, for Protocol Type, click ICMPv4, and then click Customize.
22. In the Customize ICMP Settings dialog box, click Specific ICMP Types, select Echo Request, and then click OK. Click Next and Next.
23. On the Action page, click Allow the Connection, and then click Next and Next.
24. On the Name page, in the Name field, type Outbound ICMPv4 Echo Requests, and then click Finish.
25. In the console tree, right-click Outbound Rules, and then click New Rule.
26. On the Rule Type page, click Custom, and then click Next and Next.
27. On the Protocols and Ports page, for Protocol Type, click ICMPv6, and then click Customize.
28. In the Customize ICMP Settings dialog box, click Specific ICMP Types, select Echo Request, and then click OK. Click Next and Next.
29. On the Action page, click Allow the Connection, and then click Next and Next.
30. On the Name page, in the Name field, type Outbound ICMPv6 Echo Requests, and then click Finish.
31. Close the Group Policy Management Editor and Group Policy Management Console.

This new group policy will take effect on all domain computers, allowing ICMPv4 and ICMPv6 through the operating system firewall.
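To confirm on a domain computer that the four rules from the steps above actually arrived, the following PowerShell is an added example, not part of the original article. It assumes that firewall rules delivered by Group Policy are stored as pipe-delimited strings under the policy registry key shown; the function names are hypothetical and the fallback sample strings are constructed.

```powershell
# Added example. The sample rule strings below are constructed, not captured from
# a real system; rule names and settings are taken from the steps above.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

# Protocol 1 = ICMPv4 (echo request is type 8); protocol 58 = ICMPv6 (type 128).
$Expected = @(
    @{ Name = 'Inbound ICMPv4 Echo Requests';  Dir = 'In';  Protocol = '1';  Field = 'ICMP4'; Type = '8:*' },
    @{ Name = 'Inbound ICMPv6 Echo Requests';  Dir = 'In';  Protocol = '58'; Field = 'ICMP6'; Type = '128:*' },
    @{ Name = 'Outbound ICMPv4 Echo Requests'; Dir = 'Out'; Protocol = '1';  Field = 'ICMP4'; Type = '8:*' },
    @{ Name = 'Outbound ICMPv6 Echo Requests'; Dir = 'Out'; Protocol = '58'; Field = 'ICMP6'; Type = '128:*' }
)

function ConvertFrom-RuleString([string]$Text) {
    # "v2.10|Action=Allow|Dir=In|..." -> hashtable of field name to value
    $rule = @{}
    foreach ($field in $Text.Split('|')) {
        $i = $field.IndexOf('=')
        if ($i -gt 0) { $rule[$field.Substring(0, $i)] = $field.Substring($i + 1) }
    }
    return $rule
}

function Test-IcmpEchoRules([string[]]$RuleStrings) {
    $rules = @($RuleStrings | ForEach-Object { ConvertFrom-RuleString $_ })
    foreach ($e in $Expected) {
        # A rule counts only if it is enabled, allows traffic, and matches
        # the expected direction, protocol and ICMP type.
        $found = @($rules | Where-Object {
            $_['Name'] -eq $e.Name -and $_['Dir'] -eq $e.Dir -and
            $_['Protocol'] -eq $e.Protocol -and $_[$e.Field] -eq $e.Type -and
            $_['Action'] -eq 'Allow' -and $_['Active'] -eq 'TRUE'
        })
        New-Object PSObject -Property @{ Rule = $e.Name; Applied = ($found.Count -gt 0) }
    }
}

# Read the real policy values if present; otherwise fall back to constructed samples.
if (Test-Path $PolicyKey) {
    $regKey  = Get-Item $PolicyKey
    $strings = @($regKey.GetValueNames() | ForEach-Object { $regKey.GetValue($_) })
} else {
    $strings = @(
        'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=Inbound ICMPv4 Echo Requests|',
        'v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=128:*|Name=Outbound ICMPv6 Echo Requests|'
    )
}
Test-IcmpEchoRules $strings | Format-Table Rule, Applied -AutoSize
```

With the constructed samples, two rules report Applied as True and the other two as False, which is what a partially applied or edited GPO would look like.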

Custom Certificate Template for IP-HTTPS

Next, create a certificate template so that requesting computers can specify the subject name and subject alternative name of a certificate. This certificate will be used by the DirectAccess server to set up IP-HTTPS sessions.

To create and enable a custom Web Server 2008 certificate template, execute the following steps:

1. On the domain controller DC1, launch Server Manager.
2. Expand Roles, Active Directory Certificate Services, and select Certificate Templates.
3. In the contents pane, right-click the Web Server template, and then click Duplicate Template.
4. Click Windows Server 2008 Enterprise, and then click OK.
5. In the Template Display Name field, type Web Server 2008.
6. Click the Security tab.
7. Click Authenticated Users, and then select Enroll in the Allow column.
8. Click the Add button, type Domain Computers, and then click OK.
9. Click Domain Computers, and then select Enroll in the Allow column.
10. Click the Request Handling tab.
11. Select Allow Private Key to Be Exported and click OK.
12. Select the companyabc-DC1-CA in the Active Directory Certificate Services, right-click Certificate Templates, point to New, and then click Certificate Template To Issue.
13. In the list of certificate templates, click Web Server 2008, and then click OK.
14. Confirm that the new certificate template, Web Server 2008, is listed (shown in Figure 3).

Figure 3. Web Server 2008 certificate.

Now the certificate server will be able to issue a Web Server 2008 certificate for the DirectAccess server to use for IP-HTTPS. The certificate will be requested later in the process.
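The template created above lets the requester supply the subject name, grants Enroll to Authenticated Users and Domain Computers, and allows the private key to be exported, so it is worth reviewing what is actually published in Active Directory. The following PowerShell is an added example, not part of the original article; it assumes it is run on a domain-joined computer by an account that can read the Configuration partition.

```powershell
# Added example: report the security-relevant settings of the duplicated template.
$ENROLLEE_SUPPLIES_SUBJECT = 0x00000001   # bit in msPKI-Certificate-Name-Flag
$EXPORTABLE_KEY            = 0x00000010   # bit in msPKI-Private-Key-Flag
$ENROLL_RIGHT = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment extended right

$displayName = 'Web Server 2008'          # display name typed in step 5

# Certificate templates live in the forest's Configuration partition.
$rootDse = [ADSI]'LDAP://RootDSE'
$config  = [string]$rootDse.configurationNamingContext
$base    = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$config"
$filter  = "(&(objectClass=pKICertificateTemplate)(displayName=$displayName))"
$search  = New-Object System.DirectoryServices.DirectorySearcher($base, $filter)
$result  = $search.FindOne()
if (-not $result) { throw "Template '$displayName' not found" }
$tpl = $result.GetDirectoryEntry()

$nameFlag = [int]$tpl.psbase.Properties['msPKI-Certificate-Name-Flag'].Value
$keyFlag  = [int]$tpl.psbase.Properties['msPKI-Private-Key-Flag'].Value

# Principals with an Allow ACE for Enroll (or for all extended rights, e.g. Full Control).
$acl = $tpl.psbase.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
$enrollers = $acl | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
    ($_.ObjectType -eq $ENROLL_RIGHT -or $_.ObjectType -eq [Guid]::Empty)
} | ForEach-Object { $_.IdentityReference.Value }

New-Object PSObject -Property @{
    Template                 = $displayName
    RequesterSuppliesSubject = [bool]($nameFlag -band $ENROLLEE_SUPPLIES_SUBJECT)
    PrivateKeyExportable     = [bool]($keyFlag -band $EXPORTABLE_KEY)
    EnhancedKeyUsage         = @($tpl.psbase.Properties['pKIExtendedKeyUsage'])
    CanEnroll                = @($enrollers | Sort-Object -Unique)
} | Format-List
```

Every principal listed under CanEnroll can request a certificate for a name of its own choosing while RequesterSuppliesSubject is True, so the list should be compared against the accounts that are meant to request the IP-HTTPS certificate.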
