The following steps can be used to create a new authentication exemption rule using the Windows Firewall with Advanced Security snap-in:
Launch the New Connection Security Rule Wizard, and select Authentication Exemption on the Rule Type page.
On the Exempt Computers page, specify the computers to which the exemption should apply:
By clicking Add on this page, you can specify exempted computers by the following characteristics:
An IP address (IPv4 or IPv6)
An IP subnet (IPv4 or IPv6)
A range of IP addresses (IPv4 or IPv6)
A predefined set of computers such as DHCP servers, DNS servers, computers on the local subnet, and so on
The options on the Profile and Name pages are the same as those described in the previous section.
The following steps can be used to create a new server-to-server rule using the Windows Firewall with Advanced Security snap-in:
Launch the New Connection Security Rule Wizard, and select Server-to-Server on the Rule Type page.
On the Endpoints page, specify an IP address or range of addresses for each of the two endpoints in the secured connection.
On the Requirements page, specify whether to request or require authentication for inbound connections, outbound connections, or both by selecting one of the same three options described earlier for isolation rules.
On the Authentication Method page, specify whether to use a computer certificate as the authentication method or specify a custom list of first and second authentication methods. If you choose to use a computer certificate as the authentication method, there are some additional settings you can configure.
The following steps can be used to create a new tunnel rule using the Windows Firewall with Advanced Security snap-in:
Launch the New Connection Security Rule Wizard, and select Tunnel on the Rule Type page.
On the Tunnel Type page, specify the type of tunnel you want to create as indicated by the options shown here:
On the Requirements page, choose from one of the available authentication options. Depending on which tunnel type you specified on the previous wizard page, these options might include:
Require Authentication For Inbound And Outbound Connections: This option is typically used in environments where network traffic must be controlled and secured.
Request Authentication For Inbound And Outbound Connections: This option is typically used in low-security environments or where computers are unable to use the IPsec authentication methods available with Windows Firewall with Advanced Security.
Require Authentication For Inbound Connections. Do Not Establish Tunnels For Outbound Connections: This option is typically used on a computer that serves as a tunnel endpoint for remote clients. The rule is used to indicate that the tunnel applies only to inbound network traffic from the clients.
Do Not Authenticate: This option is typically used to create an authentication exemption for connections to computers that do not require IPsec protection.
On the Tunnel Endpoints page, specify the IP addresses of the endpoints for the tunnel connection. The options available on this page will depend on which option you selected on the Tunnel Type page.
The options on the Authentication Method, Profile, and Name pages are the same as those described in the previous section.
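The three rule types created with the wizard above can also be expressed as a script, which makes the resulting settings easier to review and compare. This is an added example, not part of the original text; it assumes the NetSecurity PowerShell module is available, and every rule name, IP address, and the certification authority name is a constructed placeholder.

```powershell
# Added example. Addresses are constructed (RFC 5737 and RFC 1918 ranges) and
# the CA name is a placeholder. Run from an elevated PowerShell session.
Import-Module NetSecurity

# 1. Authentication exemption: no IPsec is negotiated with the listed hosts,
#    so keep the exempted set as narrow as possible.
New-NetIPsecRule -DisplayName 'Example - Auth exemption' `
    -InboundSecurity None -OutboundSecurity None `
    -RemoteAddress 192.0.2.10 -Profile Domain

# 2. Server-to-server: require authentication in both directions between two
#    endpoints, using a computer certificate issued by a specific CA.
$certProposal = New-NetIPsecAuthProposal -Machine -Cert `
    -Authority 'DC=test,DC=example,CN=PLACEHOLDER-CA' -AuthorityType Root
$certAuthSet = New-NetIPsecPhase1AuthSet `
    -DisplayName 'Example - Computer certificate' -Proposal $certProposal
New-NetIPsecRule -DisplayName 'Example - Server-to-server' `
    -LocalAddress 192.0.2.20 -RemoteAddress 192.0.2.30 `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $certAuthSet.Name -Profile Domain

# 3. Tunnel: traffic between the two subnets is carried between the two
#    tunnel endpoints, with authentication required in both directions.
New-NetIPsecRule -DisplayName 'Example - Site tunnel' -Mode Tunnel `
    -LocalAddress 10.10.0.0/16 -RemoteAddress 10.20.0.0/16 `
    -LocalTunnelEndpoint 198.51.100.1 -RemoteTunnelEndpoint 203.0.113.1 `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $certAuthSet.Name -Profile Any

# Review what was created: rules showing None/None are exemptions and should
# be checked against the intended exempt-computer list.
Get-NetIPsecRule -DisplayName 'Example - *' |
    Select-Object DisplayName, Mode, InboundSecurity, OutboundSecurity, Profile, Enabled
```

Setting both -InboundSecurity and -OutboundSecurity to Request instead of Require gives the Request Authentication For Inbound And Outbound Connections behavior described above.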