Windows Firewall: The Series

I’ve had an idea for a while now to write a series of posts covering configuration of the Windows Firewall, including topics such as:

  • Basic configuration of various types of endpoints
  • How to utilize IPsec to control access using Kerberos identities instead of IP addresses
  • Certificate-based authentication
  • How to safely and securely make all of your infrastructure internet-facing and accessible. Yes, everything. Even Domain Controllers.

I’ll be going over a number of topics; this page will serve as the index for all of them.

A number of assumptions are made about existing infrastructure. Below, I’ve listed these and the parts of the series they are relevant to.

  • Active Directory Domain Services infrastructure (all parts)
  • Various domain-joined servers and clients (all parts)
  • Publicly-resolvable domain DNS (parts 5 and 6)
  • Domain Controllers with publicly-accessible IP addresses (parts 5 and 6)
  • Active Directory Certificate Services infrastructure (parts 5 and 6)
  • Azure AD Connect (part 6)
  • Intune-managed Azure AD joined clients (part 6)
  • Intune Certificate Connector (part 6)

In this series, I make reference to my lab configuration many times. Please see https://ajf8729.com/lab-configuration/ for more information.