{"id":365,"date":"2021-09-16T10:48:38","date_gmt":"2021-09-16T14:48:38","guid":{"rendered":"https:\/\/www.anthonyfontanez.com\/?p=365"},"modified":"2021-09-16T10:48:40","modified_gmt":"2021-09-16T14:48:40","slug":"windows-firewall-part-7-final-thoughts","status":"publish","type":"post","link":"https:\/\/anthonyfontanez.com\/index.php\/2021\/09\/16\/windows-firewall-part-7-final-thoughts\/","title":{"rendered":"Windows Firewall Part 7: Final Thoughts"},"content":{"rendered":"\n<p><em>phew&#8230;<\/em><\/p>\n\n\n\n<p>If you made it here, congratulations. This series ended up being much longer and more detailed than I initially anticipated. It turns out that labbing up this type of configuration is a lot of work. Who could have guessed? I even learned a few new things, and relearned a few forgotten things, along the way.<\/p>\n\n\n\n<p>If you know me from the <a rel=\"noreferrer noopener\" href=\"https:\/\/winadmins.io\/\" data-type=\"URL\" data-id=\"https:\/\/winadmins.io\/\" target=\"_blank\">WinAdmins Community<\/a>, you may have seen me mention some of the configurations I&#8217;ve described in this series. None of this comes from just a lab. These configurations are something I assisted with setting up in a production environment in the past, and it worked surprisingly well. Before you make any assumptions, it wasn&#8217;t driven by the COVID-19 pandemic; IPSec was something already heavily utilized in the environment, and this just became the next step, at least up to part 5.<\/p>\n\n\n\n<p>Part 6 is my most recent idea to take all of the previous configuration to the next level. I&#8217;ve only recently started the journey in learning how a modern-managed world functions, and the idea of Azure AD joined clients managed by Intune. Whenever I thought about these, my mind always went directly to remote endpoints that were otherwise off the &#8220;internal&#8221; network. 
It was here that I realized that certificate authentication could be utilized across the board, and there can actually exist a configuration where all on-premises resources are truly accessible from anywhere.<\/p>\n\n\n\n<p>I&#8217;m sure most will compare all of this to a traditional VPN connection, and see that as the easier\/better configuration. I view it as just another possibility. Weigh the pros and cons of each configuration, and do what you see fit. I&#8217;m also aware that the idea of <strong>&#8220;Internet-facing Domain Controllers&#8221;<\/strong> (I love this line) scares most, if not all, IT security professionals, but this just shows and proves that yes, it can be done, and no, &#8220;internet-facing&#8221; does not equal &#8220;accessible to everything&#8221;. The Windows Firewall is extremely powerful, and in my opinion, extremely underused.<\/p>\n\n\n\n<p>Thanks for coming to my Ted Talk. If you made it all the way here, tweet me your favorite emoji: <a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/intent\/tweet?text=@ajf8729\" data-type=\"URL\" data-id=\"https:\/\/twitter.com\/intent\/tweet?text=@ajf8729\" target=\"_blank\">@ajf8729<\/a><\/p>\n\n\n\n<p>-Anthony<\/p>\n","protected":false},"excerpt":{"rendered":"<p>phew&#8230; If you made it here, congratulations. This series ended up being much longer and more detailed than I initially anticipated. 
It turns out that<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11],"tags":[10],"class_list":["post-365","post","type-post","status-publish","format-standard","hentry","category-misc","tag-misc"],"jetpack_featured_media_url":"","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/posts\/365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/comments?post=365"}],"version-history":[{"count":3,"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/posts\/365\/revisions"}],"predecessor-version":[{"id":390,"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/posts\/365\/revisions\/390"}],"wp:attachment":[{"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/media?parent=365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/categories?post=365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/anthonyfontanez.com\/index.php\/wp-json\/wp\/v2\/tags?post=365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}