subject: Specialized Solutions Mcse 70-293
Internet protocol filters are implemented by writing IPSec policies that contain rules with either block or permit as the filter action. These policies do not require a compatible policy on other computers because no negotiation will occur. The policy will just block or permit the specified protocols. The filters can be written to block or allow transmissions either leaving the computer or attempting to connect to it. Follow these guidelines when designing Internet protocol filters:
Consider using such a policy to block connections to port 80 on all servers except Web servers. Incorporate the policy in a GPO linked to the OU that includes server computer accounts.
Consider using a policy to block all traffic, and then allow only certain types. The decision on whether to block all and then allow, or just specifically block individual protocols, will depend on the number of protocols that need to be blocked and the sensitivity of the data on the computer. A good example of such a policy is one that blocks all telnet communication.
When designing protocol filters for firewalls, the usual recommendation is to block all traffic and then open only the necessary ports. A similar approach can be used with IPSec. A policy might have one rule that specifies to block all communications and another rule that specifically allows only protocols that this specific computer requires. Care should be taken to ensure that all necessary protocols are made available.
Consider using similar policies to block or permit traffic from specific computers or ranges of IP addresses.
Consider how many protocols must be blocked. If more protocols must be blocked than permitted, then rather than writing numerous filters, one for each protocol to block, a single rule is written that blocks all traffic, and another rule includes a filter list with one filter for each protocol that is allowed.
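The block-all-then-permit design described above can be built from the command line with the netsh ipsec static context. This is an added example, not part of the original page: it assumes a Windows Server 2003 Web server that needs only inbound TCP port 80, and every policy, rule, filter list and filter action name in it is hypothetical.

```bat
rem Added example: block all traffic, then permit only inbound HTTP.
rem Names such as WebOnly, AllTraffic and InboundHTTP are hypothetical.

rem 1. Create the policy without assigning it yet.
netsh ipsec static add policy name=WebOnly description="Block all, permit inbound HTTP" assign=no

rem 2. Create the two filter actions. No negotiation settings are given,
rem    because block and permit actions never negotiate.
netsh ipsec static add filteraction name=BlockAction action=block
netsh ipsec static add filteraction name=PermitAction action=permit

rem 3. Filter list that matches all IP traffic to or from this computer.
rem    The filter list is created when its first filter is added.
netsh ipsec static add filter filterlist=AllTraffic srcaddr=me dstaddr=any protocol=any mirrored=yes

rem 4. Filter list with one filter per allowed protocol.
rem    Here: any source port, destination TCP port 80 on this computer.
netsh ipsec static add filter filterlist=InboundHTTP srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=80 mirrored=yes

rem 5. One rule blocks everything, the other permits the allowed protocol.
netsh ipsec static add rule name=BlockAll policy=WebOnly filterlist=AllTraffic filteraction=BlockAction
netsh ipsec static add rule name=PermitHTTP policy=WebOnly filterlist=InboundHTTP filteraction=PermitAction

rem 6. Review the rules and filters, then assign the policy.
netsh ipsec static show policy name=WebOnly level=verbose
netsh ipsec static set policy name=WebOnly assign=yes
```

The order of the rules does not matter: the most specific matching filter is applied, so the TCP 80 filter takes precedence over the all-traffic block. Assign the policy from the console rather than a remote session, because every protocol without its own permit filter, including name resolution and remote administration, stops as soon as the policy is active.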
When Internet protocol filters are created using IPSec policies, do not set any of the parameters that are used for negotiation because no negotiation occurs. For each rule, the block or allow filter action must be set. For each filter, the following information must be configured: