To block
all Internet traffic to and from a
computer you need to create an IPSec
policy that will block all HTTP traffic.
You can configure this policy
specifically for one computer by
manipulating that computers' IPSec
policy, or, even better, you can
configure the policy as a Group Policy
Object (GPO) on a specific Site, Domain
or Organization Unit (OU). In order to
configure a GPO you must have Active
Directory in place.
Block a
single computer from surfing on the
Internet
To
configure a single computer follow these
steps:
Configuring IP Filter
Lists and Filter actions
-
Open
an MMC window (Start > Run > MMC).
-
Add
the IP Security and Policy
Management Snap-In.
-
In the
Select which computer this policy
will manage window select the local
computer (or any other policy
depending upon your needs). Click
Close then click Ok.
-
Right-click IP Security Policies in
the left pane of the MMC console.
Select Manage IP Filter Lists and
Filter Actions.
-
In the
Manage IP
Filter Lists and Filter actions
click Add.
-
In the IP Filter List
window type a descriptive name (such
as HTTP, HTTPS) and click Add to add
the new filters.
-
In the Welcome window
click Next.
-
In the description
box type a description if you want
and click Next.
-
In the IP Traffic
Source window leave My IP Address
selected and click Next.
-
In the IP Traffic
Destination window leave Any IP
Address selected and click Next.
-
In the IP Protocol
Type scroll to TCP and press Next.
-
In the IP Protocol
Port type 80 (for HTTP) in the To
This Post box, and click Next.
-
In the IP Filter List
window notice how a new IP Filter
has been added. Now, if you want,
add HTTPS (Any IP to Any IP,
Protocol TCP, Destination Port 443)
in the same manner.
-
Now that you have
both filters set up, click Ok.
Note: A quick
reminder - You can also Block Web
Browsing but Allow Intranet Traffic
with IPSec.
-
Back in the Manage IP
Filter Lists and Filter actions
review your filters and if all are
set, click on the Manage Filter
Actions tab. Now we need to add a
filter action that will block our
designated traffic, so click Add.
-
In the Welcome screen
click Next.
-
In the Filter Action
Name type Block and click Next.
-
In the Filter Action
General Options click Block then
click on Next.
-
Back in the Manage IP
Filter Lists and Filter actions
review your filters and if all are
set, click on the Close button. You
can add Filters and Filter Actions
at any time.
Next step is to configure
the IPSec Policy and to assign it. |