4.Windows_firewall_initial

####enable firewall VPN-Pool for new port
salt '*' cmd.run 'netsh advfirewall firewall add rule name="VPN-Pool" dir=in action=allow protocol=TCP localport=3510,3389 remoteip="xx.xx.89.192-xx.xx.89.250"'

salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d 3310 /f'
salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 3310 /f'

####check inbound rules
salt '*' cmd.run 'hostname && netsh advfirewall firewall show rule name=all status=enabled dir=in' | egrep "Rule Name"

##build 445 rule for all server
salt '*' cmd.run 'netsh advfirewall firewall add rule name="DROP445 TCP" dir=in action=block protocol=TCP localport=445'
salt '*' cmd.run 'netsh advfirewall firewall add rule name="DROP135-139 TCP" dir=in action=block protocol=TCP localport=135-139'
salt '*' cmd.run 'netsh advfirewall firewall add rule name="DROP445 UDP" dir=in action=block protocol=UDP localport=445'
salt '*' cmd.run 'netsh advfirewall firewall add rule name="DROP135-139 UDP" dir=in action=block protocol=UDP localport=135-139'

####enable CM to all server
salt -N 'OS-Windows' cmd.run 'netsh advfirewall firewall add rule name="CM-TO-ALL" dir=in action=allow protocol=TCP localport=3510 remoteip=xx.xx.88.197, xx.xx.88.199'

Previous3.Check_Windows_Update Next5.Normal Setting

Last updated 6 years ago

4.Windows_firewall_initial

####enable firewall VPN-Pool for new port
salt '*' cmd.run 'netsh advfirewall firewall add rule name="VPN-Pool" dir=in action=allow protocol=TCP localport=3510,3389 remoteip="xx.xx.89.192-xx.xx.89.250"'

salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d 3310 /f'
salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 3310 /f'

####check inbound rules
salt '*' cmd.run 'hostname && netsh advfirewall firewall show rule name=all status=enabled dir=in' | egrep "Rule Name"

##build 445 rule for all server
salt '*' cmd.run 'netsh advfirewall firewall add rule name="DROP445 TCP" dir=in action=block protocol=TCP localport=445'
salt '*' cmd.run 'netsh advfirewall firewall add rule name="DROP135-139 TCP" dir=in action=block protocol=TCP localport=135-139'
salt '*' cmd.run 'netsh advfirewall firewall add rule name="DROP445 UDP" dir=in action=block protocol=UDP localport=445'
salt '*' cmd.run 'netsh advfirewall firewall add rule name="DROP135-139 UDP" dir=in action=block protocol=UDP localport=135-139'

####enable CM to all server
salt -N 'OS-Windows' cmd.run 'netsh advfirewall firewall add rule name="CM-TO-ALL" dir=in action=allow protocol=TCP localport=3510 remoteip=xx.xx.88.197, xx.xx.88.199'

Previous3.Check_Windows_Update Next5.Normal Setting

Last updated 6 years ago