Implementing a Firewall (Blocking ICMP and SMB)

In this document, we manage firewall rules to control communications between internal systems. It covers:
Testing ICMP (ping) connectivity
Blocking ICMP traffic
Testing SMB (file sharing) access
Blocking SMB access using firewall rules

Environment
PC10: Windows Server 2019 (Client system)
DC10: Windows Server 2019 (Domain Controller / Server system)
Both systems are connected within the same internal network

PC10 pinging DC10:

Ping displays four replies, which means that the PC10 system can trigger an ICMP response from DC10. This means that the DC10 system is not in compliance with the hardening requirement.

Testing ICMP connectivity from DC10, pinging PC10:
The output displays four Request Timed Out messages, which means the communications were unsuccessful. This is because the Windows Defender Firewall settings on PC10 are blocking inbound ICMP requests. You'll need to make similar settings on DC10 so that it does not answer ICMP requests from other systems (such as PC10).
To set this rule, we'll go to Windows Defender Firewall with Advanced Security.

Go to Inbound Rules and look for File and Printer Sharing (ICMPv4) and File and Printer Sharing (ICMPv6) to block ICMP echo requests from all network profiles.


Block the connection for both ICMPv4 and ICMPv6.
Now let’s switch back to PC10 and see if our compensating control worked.

The output displays Request Timed Out messages. This means that communications were unsuccessful, because the Windows Defender Firewall settings on DC10 are now blocking inbound ICMP requests.

The "Restore defaults" option resets Windows Defender Firewall to Microsoft's original settings, so it should be avoided unless necessary. Instead, use Windows Defender Firewall with Advanced Security and right-click the top item to manage settings more safely:
Export Policy: save current settings before making changes
Import Policy: restore saved settings if something goes wrong
Restore Default Policy: reset firewall to original configuration (last resort)
Always export your policy before modifying firewall settings.

Configuring Windows Defender Firewall to manage shared folder access
Assume that a system hardening requirement is to prevent client systems from hosting file shares. You will first create a share on a client system, then access that share from another system. You will then configure firewall rules to block access to the client's file share, then test the rules' effectiveness.

The File and Printer Sharing (SMB-In) rules control inbound TCP port 445 traffic.
Block the connections for both File and Printer Sharing (SMB-In) Private and File and Printer Sharing (SMB-In) Domain, then click Apply.
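
The same steps can be scripted. The PowerShell below is an added example, not part of the original walkthrough: it exports the current policy first, then sets the predefined File and Printer Sharing inbound rules for ICMP echo or TCP 445 to Block in every profile. The function name Set-FpsInboundBlock and the backup path are hypothetical, and the display group name assumes an English-language system.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps above.
# Function name and backup path are hypothetical; the display group
# name 'File and Printer Sharing' assumes an English-language OS.

function Set-FpsInboundBlock {
    param(
        [Parameter(Mandatory)][ValidateSet('Icmp', 'Smb')][string]$Traffic,
        [string]$BackupDir = 'C:\FirewallBackup'   # placeholder location
    )

    # 1. Export the current policy so it can be imported again if needed.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backup = Join-Path $BackupDir ("policy-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
    netsh advfirewall export $backup | Out-Null
    if (-not (Test-Path $backup)) { throw 'Policy export failed; no rules changed.' }

    # 2. Select the predefined inbound rules by what they match
    #    (protocol and port) rather than by their display names.
    $rules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            if ($Traffic -eq 'Icmp') { $f.Protocol -in 'ICMPv4', 'ICMPv6' }
            else { $f.Protocol -eq 'TCP' -and $f.LocalPort -contains '445' }
        }
    if (-not $rules) { throw 'No matching File and Printer Sharing rules found.' }

    # 3. Switch the rules to Block and enable them. A disabled rule has no
    #    effect, and an enabled block rule wins over allow rules.
    $rules | Set-NetFirewallRule -Action Block -Enabled True

    # 4. Re-read the rules from the store and report their state for review.
    Write-Host "Previous policy saved to $backup"
    Get-NetFirewallRule -Name $rules.Name |
        Select-Object DisplayName, Profile, Enabled, Action
}

# On DC10 (stop answering echo requests):
#   Set-FpsInboundBlock -Traffic Icmp
# On PC10 (block inbound SMB on TCP 445):
#   Set-FpsInboundBlock -Traffic Smb
# To roll back, import the saved file:
#   netsh advfirewall import <path to the exported .wfw file>
```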
