How do I create a Windows Firewall rule to block a process for all but 'Internal' IP Ranges

    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
    Deployment model:
  • Cloud
  • Hybrid
  • On Premises
    Version Affected: All

    Description:
    Sometimes a program or process must be blocked from reaching all IP addresses except the internal IP ranges.


    Cause:

    There are situations where a process must be prevented from reaching external destinations. The steps below walk through doing this with Windows Firewall for the dotnet.exe process. dotnet.exe is used only as an example; the same procedure applies to other processes, and to ports, with the obvious substitutions.


    Resolution:

    • Open Windows Firewall, click 'Outbound Rules', then click 'New Rule...'
    • Leave the 'Program' radio button selected and click 'Next'
    • Browse to the program executable (for dotnet.exe this is '%ProgramFiles%\dotnet\dotnet.exe') and click 'Next'
    • For 'Action', leave 'Block the connection' selected and click 'Next'
    • For 'Profile', select the relevant firewall profile(s) and click 'Next'
    • For 'Name', provide an identifiable name and description and click 'Finish'
    • Once the rule is created, double-click it to open its Properties
    • Click the 'Scope' tab and, under 'Remote IP addresses', select the 'These IP addresses:' radio button
    • Click 'Add...' next to 'Remote IP addresses:'
    • Select 'This IP address range:'

      For the next part an imaginary internal subnet of 10.0.0.0/8 is used: dotnet.exe is blocked from reaching any IP address apart from those within 10.0.0.0/8. Because the rule is a block rule, the scope must list every address range that is NOT internal, i.e. everything below and everything above 10.0.0.0/8.
    • In the From field, enter '0.0.0.0' as the starting address
    • In the To field, enter '9.255.255.255' as the end address
    • Click 'OK'
    • Click 'Add...' next to 'Remote IP addresses:' again
    • Select 'This IP address range:'
    • In the From field, enter '11.0.0.0' as the starting address
    • In the To field, enter '255.255.255.255' as the end address
    • Click 'OK' to close the range dialog
    • Click 'OK' to save the rule Properties

    dotnet.exe is now blocked from reaching any IP address other than those within the 10.0.0.0/8 subnet.
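The same rule can be created and verified from an elevated PowerShell session using the built-in NetSecurity cmdlets. This is an added example and not part of the original article; the rule name, the 'Domain, Private' profile selection and the 10.0.0.0/8 internal range are assumptions, and the address ranges are exactly the two entered in the GUI steps above.

```powershell
# Added example (not from the original article): create the outbound block rule for
# dotnet.exe with a remote scope that excludes the internal 10.0.0.0/8 range, then
# read the rule back to confirm the scope that was actually stored.
# Assumptions: elevated PowerShell on the host; internal range is 10.0.0.0/8 as in the
# article; rule name and profile selection are placeholders to adjust as needed.

$RuleName    = 'Block dotnet.exe outbound except 10.0.0.0/8'   # assumed rule name
$ProgramPath = "$env:ProgramFiles\dotnet\dotnet.exe"           # path from the article

# Remote IPv4 ranges outside 10.0.0.0/8, matching the two ranges added in the GUI.
$ExternalRanges = @(
    '0.0.0.0-9.255.255.255',
    '11.0.0.0-255.255.255.255'
)

if (-not (Test-Path -LiteralPath $ProgramPath)) {
    throw "Program not found: $ProgramPath"
}

# Re-running the script must not create a duplicate rule; reuse an existing one.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($null -eq $rule) {
    $rule = New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Blocks dotnet.exe from reaching addresses outside 10.0.0.0/8' `
        -Direction Outbound `
        -Program $ProgramPath `
        -Action Block `
        -Profile 'Domain, Private' `
        -RemoteAddress $ExternalRanges `
        -Enabled True
}

# Verification: the address filter attached to the rule should list both ranges,
# and the application filter should point at dotnet.exe.
$scope = $rule | Get-NetFirewallAddressFilter
foreach ($range in $scope.RemoteAddress) {
    Write-Output "Blocked remote range: $range"
}
$app = $rule | Get-NetFirewallApplicationFilter
Write-Output "Rule '$($rule.DisplayName)' applies to program: $($app.Program)"
```

The two ranges cover IPv4 only; if the host has IPv6 connectivity, scope IPv6 in the same way or the process can still reach external IPv6 destinations.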

     

    Special Considerations (optional as needed):
    Creating firewall rules can break communication in unexpected ways. Follow the steps exactly to avoid unintended results, and if there is any uncertainty about the steps or about working with firewalls, do not make changes.

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
