block a single computer from surfing on the internet
TRANSCRIPT
-
7/30/2019 Block a Single Computer From Surfing on the Internet
1/26
I. Block a single computer from surfing on the InternetTo configure a single computer follow these steps:
Configuring IP Filter Lists and Filter actions
1. Open an MMC window (Start > Run > MMC).
2. Add the IP Security and Policy Management Snap-In.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
2/26
3. In the Select which computer this policy will manage window select the local computer (or any other policy
depending upon your needs). Click Close then click Ok.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
3/26
4. Right-click IP Security Policies in the left pane of the MMC console. Select Manage IP Filter Lists and Filter
Actions.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
4/26
5. In the Manage IP Filter Lists and Filter actions click Add.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
5/26
6. In the IP Filter List window type a descriptive name (such as HTTP, HTTPS) and click Add to add the new filters.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
6/26
7. In the Welcome window click Next.
8. In the description box type a description if you want and click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
7/26
9. In the IP Traffic Source window leave My IP Address selected and click Next.
10. In the IP Traffic Destination window leave Any IP Address selected and click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
8/26
11. In the IP Protocol Type scroll to TCP and press Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
9/26
12. In the IP Protocol Port type 80 (for HTTP) in the To This Post box, and click Next.
13. In the IP Filter List window notice how a new IP Filter has been added. Now, if you want, add HTTPS (Any IP to
Any IP, Protocol TCP, Destination Port 443) in the same manner.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
10/26
14. Now that you have both filters set up, click Ok
-
7/30/2019 Block a Single Computer From Surfing on the Internet
11/26
15. Back in the Manage IP Filter Lists and Filter actions review your filters and if all are set, click on the Manage Filter
Actions tab. Now we need to add a filter action that will block our designated traffic, so click Add.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
12/26
16. In the Welcome screen click Next.
17. In the Filter Action Name type Block and click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
13/26
18. In the Filter Action General Options click Block then click on Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
14/26
19. Back in the Manage IP Filter Lists and Filter actions review your filters and if all are set, click on the Close button.
You can add Filters and Filter Actions at any time.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
15/26
-
7/30/2019 Block a Single Computer From Surfing on the Internet
16/26
Next step is to configure the IPSec Policy and to assign it.
II. Configuring the IPSec Policy1. In the same MMC console right-click IP Security Policies on Local Computer and select Create IP Security Policy.
2. In the Welcome screen click Next
3. In the IP Security Policy Name enter a descriptive name, such as "Block HTTP, HTTPS". Click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
17/26
4. In the Request for Secure Communication window click to clear the Active the Default Response Rule check-box.
Click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
18/26
5. In the Completing IP Security Policy Wizard window, click Finish.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
19/26
6. We now need to add the various IP Filters and Filter Actions to the new IPSec Policy. In the new IPSec Policy
window click Add to begin adding the IP Filters and Filter Actions.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
20/26
7. In the Welcome window click Next.
8. In the Tunnel Endpoint make sure the default setting is selected and click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
21/26
9. In the Network Type windows select All Network Connections and click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
22/26
10. In the IP Filter List window select one of the previously configured IP Filters, for example "HTTP, HTTPS"
(configured in step #6 at the beginning of this article). If, for some reason, you did not previously configure the right
IP Filter, then you can press Add and begin adding it now. When done, click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
23/26
11. In the Filter Action window select one of the previously configured Filter Actions, for example "Block" (configured
in step #15 at the beginning of this article). Again, if you did not previously configure the right Filter Action, you can
now press Add and begin adding it now. When done, click Next.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
24/26
12. Notice how the IP Filter has been added.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
25/26
Again, you can add any combination of IP Filters and Filter Actions you like.
Notice that you cannot change their order like in other full-featured firewalls. Even so, this configuration works perfectly as
you will soon discover.
-
7/30/2019 Block a Single Computer From Surfing on the Internet
26/26
The next phase is to assign the IPSec Policy.
III. Assigning the IPSec Policy1. In the same MMC console, right-click the new IPSec Policy and select Assign.
Done, you can now test the configuration by trying to surf to restricted and unrestricted websites.