Configure Windows Firewall ACL Rules

This IT Pro Challenge helps learners understand how to configure Windows firewall settings in both Windows and Linux, as well as control inbound and outbound network traffic for a server, configure an IIS web server to listen to different ports, and use a Linux virtual machine to test the proof of concept.

Time
45 minutes
Difficulty
Beginner

This Learn On Demand Pro Series is part of a Career Path: Become a System Administrator
Overview

In this IT Pro Challenge, learners will use Group Policy Management to disable an inbound rule, change the Default Web Site HTTP binding from one port to another, and use Group Policy Management once more to create a new inbound firewall rule. They will then use the Windows PowerShell New-NetFirewallRule cmdlet to create another firewall rule. Learners will verify their work using the wget command on a Linux virtual machine. The skills acquired in this virtual lab are beneficial for those pursuing a career as a network or system administrator.

Overview

The scenario for this hands-on lab is that you are a system administrator, and your company servers run Windows Server 2016. Your job is to control inbound/outbound network traffic for a particular server. To accomplish this, you will configure Windows Firewall rules and settings using the graphical user interface (GUI). Next, you will use the Windows PowerShell New-NetFirewallRule cmdlet to create a new Windows Firewall rule that allows incoming traffic destined for a TCP port. You will use two virtual machines: one running Windows Server 2016 and one running Linux.

By taking this lab, you will learn how to use the ping command to obtain a host machine’s IP address and use Wireshark to analyze ping traffic. You will understand how to configure default Domain Group Policies to block the default inbound rule, how to configure a web server to listen to a specific port, change the IIS website HTTP binding on different ports, and as a result, you will learn the use of the wget command. Additionally, you will gain a good understanding of the inbound and outbound firewall rules for both Windows and Linux, as well as good usage of Access Control Lists (ACL) Rules that are available in Windows 10 for Active Directory domain-joined computers.

This lab also shows you how to create a new firewall rule for all network profiles and configure it to allow incoming connections on a specific TCP port. By working with TCP rules, you also learn about firewall rule configuration.

Block inbound traffic

You will start by using Group Policy Management on the IIS web server to disable an inbound rule. You will then use the wget command to connect to the default IIS website.

The Group Policy Management Console (GPMC) allows system administrators to implement configurations and apply security settings for Active Directory users and computers.

Configure the IIS web server to listen on port 81

Now you are going to change the Default Web Site HTTP binding from port 80 to port 81.

Generally speaking, port 80 is the HTTP port; it’s the port used when a computer sends/receives messages from a web server and is used to send/receive HTML pages. Port 81 (TCP/UDP) can be used to run web services.

Configure a firewall rule using the GUI

In this step, you are going to use Group Policy Management on the IIS web server to create a new inbound firewall rule that allows connections on port 81. You will verify the rule on the Linux virtual machine by using the wget command to connect to port 81 on the IIS web server.

The wget command is a command-line utility that can be used to download files from the internet.

Configure the web server to listen on port 82

On the IIS web server, you will change the Default Web Site HTTP binding from port 81 to port 82. You will then use the Windows PowerShell New-NetFirewallRule cmdlet to create a new firewall rule that allows incoming traffic for port 82. Then, on the Linux virtual machine, you will use the wget command to verify that you can connect to port 82 on the IIS web server.
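
One way to script the step above, as an added example that is not part of the lab's own material: it moves the binding, creates the inbound rule for all profiles, and lists any allow rule still open for the old port. The rule display name and the `<IIS-server-IP>` placeholder are assumptions; run it in an elevated PowerShell session on the IIS server.

```powershell
# Added example (not from the lab). Requires the IIS WebAdministration module.
Import-Module WebAdministration

$site     = 'Default Web Site'
$oldPort  = 81
$newPort  = 82
$ruleName = 'Lab - Allow inbound TCP 82'   # hypothetical display name

# 1. Move the HTTP binding from port 81 to port 82, only if it is still on 81.
if (Get-WebBinding -Name $site -Protocol http -Port $oldPort) {
    Set-WebBinding -Name $site -BindingInformation "*:${oldPort}:" `
        -PropertyName Port -Value $newPort
}

# 2. Create the inbound allow rule once (re-running the script adds no duplicate).
#    -Profile Any applies it to the Domain, Private and Public profiles.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort $newPort `
        -Action Allow -Profile Any | Out-Null
}

# 3. Confirm what the site listens on and what the new rule permits.
Get-WebBinding -Name $site | Select-Object protocol, bindingInformation
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# 4. Nothing listens on port 81 any more, so list enabled inbound allow rules
#    that still open it. ActiveStore includes rules delivered by Group Policy.
Get-NetFirewallPortFilter -PolicyStore ActiveStore |
    Where-Object { $_.LocalPort -contains "$oldPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Select-Object DisplayName, PolicyStoreSource

# 5. From the Linux virtual machine, verify with wget:
#      wget http://<IIS-server-IP>:82/
```

A rule created through Group Policy Management cannot be removed from the local store; if step 4 lists the port 81 rule, disable or delete it in the GPO where it was defined.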

Summary Conclusion

By taking this hands-on lab, you will learn how to control inbound/outbound traffic, modify the IIS web server listening port, use the GUI to configure a firewall rule, and use the Windows PowerShell New-NetFirewallRule cmdlet.
