Windows Firewall: Cannot establish Network Isolation - Require Inbound Require Outbound for Domain Controller

I have a Domain Controller, and I wish to establish network Isolation with Windows Firewall, Connection Security Rules.

• When the DC Authentication is set to Request Inbound, Request Outbound, using the Default method.
• And the workstation Authentication is set to Require Inbound, and Request Outbound using the Default method.
• The connection works, I can see in Windows Firewall > Monitoring > Security Associations > Main and Quick mode that there are connections.

However when DC Authentication is set to Require Inbound. Require Outbound, using the Default method. I cannot see any connections in the Main and Quick modes.

So, I don't see what security I gain when DC is using Request Inbound Request Outbound. Because any workstation can connect to it, even if that workstation has no connection security rule.

I think in order to get Network Isolation for the DC, the Authentication needs to be set at Require Inbound Require Outbound. Am I correct?

I am just hoping that Network Isolation is achievable, it seems to promise that nobody outside the domain can talk to the DC. Hence, no data leaks, no RATs etc.