Workstations on the office VLAN are assigned IP addresses in the 10.10.0.0/16 range. It's defined as a "Work" network and is using the "Private" firewall rule set. We use a central firewall / router to pass traffic between the VLANs and different IP ranges.

One of those IP ranges is assigned to our VPN solution, 10.100.0.0/16. For some reason, Windows Firewall (at least in Windows 7) is blocking all incoming traffic from 10.100 addresses, including pings and SMB traffic.

Why is this traffic being blocked? I thought the rules on "Private" connections were more relaxed. Is it because the traffic is coming from outside of the LAN's netmask/subnet? The wording on some of the "Private" rules suggests this, but I'm not 100% sure.

Can the traffic be permitted without creating new firewall rules? Rather, if it really is the netmask/subnet causing the problem, is there a way to make either the network configuration or Windows Firewall see it as sane? Creating new rules works, I'd just rather not have to go to each workstation and apply it manually. We don't yet have a domain, so no group policy pushing.

Charles

2 Answers

By default Windows 7 blocks ICMP echo requests, so the only other option besides creating an exception in the firewall is to disable the firewall completely.

unhappyCrackers1

After further research:

  • When dealing with "Private" networks, like the "Home" and "Work" networks, Windows Firewall will only treat a connection as if it was from the "Private" network if the origin IP is from the same subnet.
  • There is no way to add additional subnets to the list of things considered "Private".
  • There is no way to modify the existing firewall rules to add subnets to their whitelist directly.

It looks like I'm either going to need to duplicate all of the needed firewall rules on a case-by-case basis or change the IP range that our VPN uses.

Charles
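The subnet-scoping behaviour described in the answer above can be modelled in a few lines. This is an added example, not part of the original posts and not Windows' own logic: the host address 10.10.4.25, the peer addresses, and the function names are assumptions, and the second scope string stands for what a duplicated rule covering the VPN range would carry.

```python
import ipaddress

# Constructed sample: a hypothetical workstation on the question's office VLAN.
WORKSTATION_IF = ipaddress.ip_interface("10.10.4.25/16")

def scope_matches(scope, source, local_if=WORKSTATION_IF):
    """Return True if `source` falls inside a comma-separated remote-address scope.

    Simplified model (an assumption, not Windows' implementation). Tokens:
    "Any", "LocalSubnet", a single address, a CIDR subnet, or a "low-high" range.
    """
    src = ipaddress.ip_address(source)
    for token in (t.strip() for t in scope.split(",")):
        key = token.lower()
        if not key:
            continue
        if key == "any":
            return True
        if key == "localsubnet":
            # Only addresses inside the interface's own netmask count as local,
            # so 10.100.x.x is not local to a 10.10.0.0/16 interface.
            if src in local_if.network:
                return True
        elif "-" in key:
            low, high = (ipaddress.ip_address(p.strip()) for p in key.split("-", 1))
            if low <= src <= high:
                return True
        elif src in ipaddress.ip_network(key, strict=False):
            return True
    return False

def explain(scope, sources):
    """Map each source address to 'allow' or 'block' for a rule with this scope."""
    return {s: "allow" if scope_matches(scope, s) else "block" for s in sources}

if __name__ == "__main__":
    # Constructed peers: an office-VLAN host, a VPN client, an unrelated host.
    peers = ["10.10.200.7", "10.100.3.40", "192.168.1.5"]
    print("LocalSubnet only:      ", explain("LocalSubnet", peers))
    print("LocalSubnet + VPN CIDR:", explain("LocalSubnet,10.100.0.0/16", peers))
```

Keeping the added scope to the VPN range alone, rather than "Any", leaves unrelated sources such as 192.168.1.5 blocked.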