Windows Firewall: Cannot establish Network Isolation - Require Inbound Require Outbound for Domain Controller

gf flag

I have a Domain Controller, and I wish to establish network Isolation with Windows Firewall, Connection Security Rules.

  • When the DC Authentication is set to Request Inbound, Request Outbound, using the Default method.
  • And the workstation Authentication is set to Require Inbound, and Request Outbound using the Default method.
  • The connection works, I can see in Windows Firewall > Monitoring > Security Associations > Main and Quick mode that there are connections.

However when DC Authentication is set to Require Inbound. Require Outbound, using the Default method. I cannot see any connections in the Main and Quick modes.

So, I don't see what security I gain when DC is using Request Inbound Request Outbound. Because any workstation can connect to it, even if that workstation has no connection security rule.

I think in order to get Network Isolation for the DC, the Authentication needs to be set at Require Inbound Require Outbound. Am I correct?

I am just hoping that Network Isolation is achievable, it seems to promise that nobody outside the domain can talk to the DC. Hence, no data leaks, no RATs etc.


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.