How can I use Windows 7 DirectAccess with F-Secure firewall turned on?
This article describes how you can set up the F-Secure firewall for Windows 7 DirectAccess from Policy Manager Console (PMC).
To set up the F-Secure firewall for DirectAccess from PMC:
- Windows Firewall needs to be turned on. Therefore, change the following setting from the policy: PMC advanced mode > F-Secure Internet Shield > Settings > Installation > Disable Windows Firewall > No (Final).
- From Policy Manager, change the IPV6 traffic filtering option to Normal in the following way: PMC advanced mode > F-Secure Internet Shield > Settings > Firewall Engine > IPV6 Filtering Mode > Normal (Final).
- On the Policy tab, select F-Secure Internet Shield > Settings > Services table, and edit the LDAP service in the following way:
- Rename LDAP to, for example, LDAP UDP;
- On the next page, change the IP protocol to UDP(17);
- On the next page, change the Initiator ports to >0. Click Finish.
- On the Policy tab, select F-Secure Internet Shield > Settings > Rules table, and modify the Security Level in use so that it contains the following rules:
Note: TCP Service could be restricted to use only the ports needed to communicate with Policy Manager. Default ports are 80, 8080 and 8081.
Note: On the client side, make sure that those policies were received. Also, check that the Windows Firewall profile in use is turned on (only those rules which are required for MS Direct Access).