Making a hole in Windows Firewall

Hey guys,
I need to give an IP address (pretty much) full access to my server through
the Windows Firewall, but it looks like I can only add exceptions in port by
port, which will take forever - do you have any ideas, or am I doomed to
having 30 exceptions to allow one address?
Cheers,
Jeff

Aloha thatotherguy,

Why not set up a VPN?

-Ben-
Ben M. Schorr - MVP
Roland Schorr & Tower
http://www.rolandschorr.com
Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm

> Hey guys,
> I need to give an IP address (pretty much) full access to my server
> through
> the Windows Firewall, but it looks like I can only add exceptions in
> port by
> port, which will take forever - do you have any ideas, or am I doomed
> to
> having 30 exceptions to allow one address?
> Cheers,
> Jeff

Hola Ben,

You know, thats a damn fine idea - Im gonna get cracking on checking that
out right now.

Cheers,
Jeff

"Ben M. Schorr - MVP" wrote:

> Aloha thatotherguy,
>
> Why not set up a VPN?
>
> -Ben-
> Ben M. Schorr - MVP
> Roland Schorr & Tower
> http://www.rolandschorr.com
> Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm
>
> > Hey guys,
> > I need to give an IP address (pretty much) full access to my server
> > through
> > the Windows Firewall, but it looks like I can only add exceptions in
> > port by
> > port, which will take forever - do you have any ideas, or am I doomed
> > to
> > having 30 exceptions to allow one address?
> > Cheers,
> > Jeff
>
>
>

Ooo, I forgot to mention (which was rather daft of me - this might chage the
whole idea), both computers are Windows 2003 Servers, the one Im trying to
give access to is going to be an exchange server, and a backup-domain
controller. The server Im giving access from is a Terminal Server, that is
currently running 3 shops (so it's semi critical), and since the servers are
stored off site, Im a little reluctant to mess with the network settings too
much since I cant just log on and change the settings....

Im thinking it's gotta be easier to give full access to an IP address than
setup a VPN (in saying that, last time I played with the Routing and Remote
Access table, all the stores dropped off for most of the day)

"Ben M. Schorr - MVP" wrote:

> Aloha thatotherguy,
>
> Why not set up a VPN?
>
> -Ben-
> Ben M. Schorr - MVP
> Roland Schorr & Tower
> http://www.rolandschorr.com
> Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm
>
> > Hey guys,
> > I need to give an IP address (pretty much) full access to my server
> > through
> > the Windows Firewall, but it looks like I can only add exceptions in
> > port by
> > port, which will take forever - do you have any ideas, or am I doomed
> > to
> > having 30 exceptions to allow one address?
> > Cheers,
> > Jeff
>
>
>

Aloha thatotherguy,

Glad to help - we use VPN to access servers (for maintenance/troubleshooting)
across a dozen or more sites. Saves us a LOT of travel miles.

-Ben-
Ben M. Schorr - MVP
Roland Schorr & Tower
http://www.rolandschorr.com
Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm

> Hola Ben,
>
> You know, thats a damn fine idea - Im gonna get cracking on checking
> that out right now.
>
> Cheers,
> Jeff
> "Ben M. Schorr - MVP" wrote:
>
>> Aloha thatotherguy,
>>
>> Why not set up a VPN?
>>
>> -Ben-
>> Ben M. Schorr - MVP
>> Roland Schorr & Tower
>> http://www.rolandschorr.com
>> Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm
>>> Hey guys,
>>> I need to give an IP address (pretty much) full access to my server
>>> through
>>> the Windows Firewall, but it looks like I can only add exceptions in
>>> port by
>>> port, which will take forever - do you have any ideas, or am I
>>> doomed
>>> to
>>> having 30 exceptions to allow one address?
>>> Cheers,
>>> Jeff

Aloha thatotherguy,

And the two servers are at the same site or physically different sites?
Are there hardware appliances between them that you might be able to use
to create the VPN?

Creating a VPN connection between them should be pretty easy, unless you
have a lot of wacky network setup in between.

-Ben-
Ben M. Schorr - MVP
Roland Schorr & Tower
http://www.rolandschorr.com
Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm

> Ooo, I forgot to mention (which was rather daft of me - this might
> chage the whole idea), both computers are Windows 2003 Servers, the
> one Im trying to give access to is going to be an exchange server, and
> a backup-domain controller. The server Im giving access from is a
> Terminal Server, that is currently running 3 shops (so it's semi
> critical), and since the servers are stored off site, Im a little
> reluctant to mess with the network settings too much since I cant just
> log on and change the settings....
>
> Im thinking it's gotta be easier to give full access to an IP address
> than setup a VPN (in saying that, last time I played with the Routing
> and Remote Access table, all the stores dropped off for most of the
> day)
>
> "Ben M. Schorr - MVP" wrote:
>
>> Aloha thatotherguy,
>>
>> Why not set up a VPN?
>>
>> -Ben-
>> Ben M. Schorr - MVP
>> Roland Schorr & Tower
>> http://www.rolandschorr.com
>> Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm
>>> Hey guys,
>>> I need to give an IP address (pretty much) full access to my server
>>> through
>>> the Windows Firewall, but it looks like I can only add exceptions in
>>> port by
>>> port, which will take forever - do you have any ideas, or am I
>>> doomed
>>> to
>>> having 30 exceptions to allow one address?
>>> Cheers,
>>> Jeff

"thatotherguy" <(E-Mail Removed)> wrote in message
news:B9E40B30-9338-41ED-BBBF-(E-Mail Removed)...
> Hey guys,
> I need to give an IP address (pretty much) full access to my server
> through
> the Windows Firewall, but it looks like I can only add exceptions in port
> by
> port, which will take forever - do you have any ideas, or am I doomed to
> having 30 exceptions to allow one address?
> Cheers,
> Jeff

Have you tried this?

Windows Firewall | Exceptions | Add Port | Change Scope | Custom List | Type
in the IP address

-Frank

Hola Ben,
They are at the same site, but it goes through some crazy enterprise
switches (they're actually at a professional co-location server bunker, with
50 other companies servers, so they're all pretty well seperated)... Ive
already bit the bullet and started adding the exceptions manually, so all
good - if this doesnt work, Ill just have to book a time, and go run a
crossover cable between them...

Cheers for your help anyway,
Jeff

"Ben M. Schorr - MVP" wrote:

> Aloha thatotherguy,
>
> And the two servers are at the same site or physically different sites?
> Are there hardware appliances between them that you might be able to use
> to create the VPN?
>
> Creating a VPN connection between them should be pretty easy, unless you
> have a lot of wacky network setup in between.
>
> -Ben-
> Ben M. Schorr - MVP
> Roland Schorr & Tower
> http://www.rolandschorr.com
> Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm
>
> > Ooo, I forgot to mention (which was rather daft of me - this might
> > chage the whole idea), both computers are Windows 2003 Servers, the
> > one Im trying to give access to is going to be an exchange server, and
> > a backup-domain controller. The server Im giving access from is a
> > Terminal Server, that is currently running 3 shops (so it's semi
> > critical), and since the servers are stored off site, Im a little
> > reluctant to mess with the network settings too much since I cant just
> > log on and change the settings....
> >
> > Im thinking it's gotta be easier to give full access to an IP address
> > than setup a VPN (in saying that, last time I played with the Routing
> > and Remote Access table, all the stores dropped off for most of the
> > day)
> >
> > "Ben M. Schorr - MVP" wrote:
> >
> >> Aloha thatotherguy,
> >>
> >> Why not set up a VPN?
> >>
> >> -Ben-
> >> Ben M. Schorr - MVP
> >> Roland Schorr & Tower
> >> http://www.rolandschorr.com
> >> Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm
> >>> Hey guys,
> >>> I need to give an IP address (pretty much) full access to my server
> >>> through
> >>> the Windows Firewall, but it looks like I can only add exceptions in
> >>> port by
> >>> port, which will take forever - do you have any ideas, or am I
> >>> doomed
> >>> to
> >>> having 30 exceptions to allow one address?
> >>> Cheers,
> >>> Jeff
>
>
>

Hey Frank,
Yeah, when you do that, it still asks you which individual port youd like
the exception to apply to, whereas Ive pretty much gotta give full access to
this second server. All good, Im just going to bite the bullet and add in 30
or so manual exceptions...
Cheers anyway,
Jeff

"Frankster" wrote:

>
> "thatotherguy" <(E-Mail Removed)> wrote in message
> news:B9E40B30-9338-41ED-BBBF-(E-Mail Removed)...
> > Hey guys,
> > I need to give an IP address (pretty much) full access to my server
> > through
> > the Windows Firewall, but it looks like I can only add exceptions in port
> > by
> > port, which will take forever - do you have any ideas, or am I doomed to
> > having 30 exceptions to allow one address?
> > Cheers,
> > Jeff
>
> Have you tried this?
>
> Windows Firewall | Exceptions | Add Port | Change Scope | Custom List | Type
> in the IP address
>
> -Frank
>
>
>

Just can't help but be curious...What in the world are you doing with
enterprise servers running Windows Firewall in the first place?


"thatotherguy" <(E-Mail Removed)> wrote in message
news:0FECFEC1-357B-4E62-B79F-(E-Mail Removed)...
> Ooo, I forgot to mention (which was rather daft of me - this might chage
> the
> whole idea), both computers are Windows 2003 Servers, the one Im trying to
> give access to is going to be an exchange server, and a backup-domain
> controller. The server Im giving access from is a Terminal Server, that
> is
> currently running 3 shops (so it's semi critical), and since the servers
> are
> stored off site, Im a little reluctant to mess with the network settings
> too
> much since I cant just log on and change the settings....
>
> Im thinking it's gotta be easier to give full access to an IP address than
> setup a VPN (in saying that, last time I played with the Routing and
> Remote
> Access table, all the stores dropped off for most of the day)
>
> "Ben M. Schorr - MVP" wrote:
>
>> Aloha thatotherguy,
>>
>> Why not set up a VPN?
>>
>> -Ben-
>> Ben M. Schorr - MVP
>> Roland Schorr & Tower
>> http://www.rolandschorr.com
>> Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm
>>
>> > Hey guys,
>> > I need to give an IP address (pretty much) full access to my server
>> > through
>> > the Windows Firewall, but it looks like I can only add exceptions in
>> > port by
>> > port, which will take forever - do you have any ideas, or am I doomed
>> > to
>> > having 30 exceptions to allow one address?
>> > Cheers,
>> > Jeff
>>
>>
>>