
I've got a cloud network: 192.168.100.0/24 with:

  • Pfsense GW (IPSec site-to-site)
    • NIC1 = WAN-IP1 (fully blocked except IPSec)
    • NIC2 = 192.168.100.1
  • DC (WinServer2016)
    • NIC1 = WAN-IP2 (external)
    • NIC2 = 192.168.100.2 with Pfsense as GW (internal)

In Windows Network Sharing Center I've disabled the External NIC for obvious security reasons.

However, I would like to change my NIC1 & firewall so that it can get updates and other important traffic. Why not over the Pfsense? Due to bandwidth limitations of my provider and VPSs.

How can I change my external NIC (NIC1 on WinServer2016) to only allow outgoing updates traffic?

edit: Removed suggestion to use Public profile

MKZ
  • You can do that by setting registry keys (`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\`, `0` is public). But well, I advise against that. Your NIC isn't a domain network by accident, but because you're joined to a domain, I presume. If you change that network type, you could run into all kinds of trouble (replication, sync, AD traffic, etc.). _Why_ it is a domain network on your **WAN** NIC, I can't say. But I'd rather try and set the correct FW ports etc. and restrict them to IP ranges. – Lenniey Feb 01 '18 at 12:23
  • 1
    `I've got a cloud network` - What does that even mean? `However I would like to make my NIC1 'public' instead of 'Domain Network'` - Why do you have two NIC's in the server to begin with? – joeqwerty Feb 01 '18 at 13:49
  • @joeqwerty. I got a network in the cloud with three VPS. One of these is a Pfsense gateway for IPSec and OpenVPN. Every VPS has a WAN NIC and a LAN NIC – MKZ Feb 01 '18 at 14:36
  • This is just *wrong* on so many levels... – Massimo Jul 01 '22 at 22:31

1 Answer

You can use the PowerShell cmdlets `Get-NetConnectionProfile` to get your connection alias and index and `Set-NetConnectionProfile -InterfaceAlias [whatever your alias is] -NetworkCategory Public` to change the profile to public, as per @Lenniey. Seems a bit iffy though.

tobyd
  • set-NetConnectionProfile : Unable to set the NetworkCategory due to one of the following possible reasons: (..); the NetworkCategory cannot be changed from 'DomainAuthenticated' ; (..) – MKZ Feb 01 '18 at 14:44
  • You might want to make sure it's not bound to a domain function like DNS. – tobyd Feb 01 '18 at 14:47
  • It's a DC, I'd be surprised if it wasn't bound to some AD service... – Lenniey Feb 01 '18 at 14:57
  • If it's a DC you need to be extra careful. I would try to remove the NIC and re-add it and change it to public using PowerShell. Make sure it's not responsible for any inbound connections or services. But I don't see the need for doing this, just configure your NICs as designed and accept it as is. To check the inbound connections use: `Get-NetTCPConnection -State Listen | Select-Object -Property LocalAddress, LocalPort, RemoteAddress, RemotePort, State | Sort-Object LocalPort | ft` – Ace Jul 01 '22 at 22:46
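An added PowerShell example (not code from the question or the answer) that follows the route Lenniey and Ace point at: leave the DC's network profile alone, audit what listens on the WAN address, and scope the firewall rules to the interface alias. It assumes the adapter aliases `NIC1` (WAN-IP2) and `NIC2` (192.168.100.2) and uses placeholder WAN and resolver addresses.

```powershell
# Added example, not code from the question or the answer: restrict the WAN adapter
# of the Windows Server 2016 DC with interface-scoped firewall rules instead of
# changing its network profile. Assumed adapter aliases: 'NIC1' (WAN-IP2) and
# 'NIC2' (192.168.100.2). The WAN and resolver addresses are placeholders.
$WanAlias    = 'NIC1'
$LanAlias    = 'NIC2'
$WanIp       = '203.0.113.10'   # placeholder for WAN-IP2 (TEST-NET-3 range)
$WanResolver = '203.0.113.53'   # placeholder for the provider's DNS resolver

# 1. Audit: what is reachable on the WAN address today? A DC normally listens on
#    0.0.0.0 and :: for AD, DNS, SMB and RPC; all of it is exposed on NIC1
#    unless a rule blocks it.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -in @($WanIp, '0.0.0.0', '::') } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Sort-Object LocalPort | Format-Table -AutoSize

# 2. Inbound: an explicit Block rule scoped to NIC1. In Windows Firewall, block
#    rules take precedence over allow rules, so this also overrides the built-in
#    'Active Directory Domain Controller' allow rules on that interface only.
New-NetFirewallRule -DisplayName 'WAN - block all inbound' -Direction Inbound `
    -InterfaceAlias $WanAlias -Action Block -Profile Any

# 3. Outbound: the default outbound action is per profile, not per interface, and
#    a Block rule cannot be overridden by Allow rules. So first allow everything
#    out via NIC2 (replication, DNS, AD traffic keep working), then set the
#    default outbound action to Block, then add narrow allows for NIC1.
New-NetFirewallRule -DisplayName 'LAN - allow all outbound' -Direction Outbound `
    -InterfaceAlias $LanAlias -Action Allow -Profile Any
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# Windows Update and BITS run inside svchost.exe; keying the rule on the service
# name avoids chasing the update CDN's IP ranges. If the firewall log shows drops
# from other svchost services during an update, add them to this list.
foreach ($svc in 'wuauserv', 'BITS') {
    New-NetFirewallRule -DisplayName "WAN - allow $svc outbound" -Direction Outbound `
        -InterfaceAlias $WanAlias -Service $svc `
        -Program '%SystemRoot%\System32\svchost.exe' `
        -Protocol TCP -RemotePort 80, 443 -Action Allow -Profile Any
}
# Name resolution for the update hosts, restricted to one resolver address.
New-NetFirewallRule -DisplayName 'WAN - allow DNS outbound' -Direction Outbound `
    -InterfaceAlias $WanAlias -Protocol UDP -RemotePort 53 `
    -RemoteAddress $WanResolver -Action Allow -Profile Any

# 4. Verify the rule set that now governs the two adapters.
Get-NetFirewallRule -DisplayName 'WAN - *', 'LAN - *' |
    Select-Object DisplayName, Direction, Action, Enabled | Format-Table -AutoSize
```

Run the audit step and the LAN allow rule before switching the default outbound action, so the DC never loses its LAN-side traffic while the WAN rules are being added.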