
I am designing a Local Network where part of the network is far away and connected to the main network via a Fiber Optic connection. On the Main Network, I have Win11 OS based machines which need to forward traffic to a Server machine (no domain) for Log collection only. For security, I am planning to use IPSec VPN and Firewall and am gauging whether it is better to configure both natively on the Host machine or use an external Next-Gen Firewall for this purpose.

I have questions related to the idea of both VPN and Firewall being configured on Windows:

  1. Do the firewall rules apply first on Inbound/outbound traffic before VPN tunnelling takes place, or the other way around?

  2. Is there any possibility/option/configuration on Windows OS that allows the Firewall to filter the outbound traffic first, and then the packets are sent over the established VPN tunnel; and for inbound traffic to pass through the VPN tunnel first and then get filtered by the Firewall?

Network Schema:

[image: network schema, not reproduced here]

harrymc
asked Oct 3, 2023 at 15:51

1 Answer


The firewall knows nothing about your VPN. All it does is allow or block packages of data. The encrypting/decrypting of the data is done by the VPN server and clients.

For your first question then, the answer is that firewall rules apply first on inbound/outbound traffic before VPN tunnelling.

For your second question, it is unclear - please supply more details.

answered Oct 3, 2023 at 16:12
  • Hi @harrymc. Regarding the second question, I want to make sure that, from the Host Machine's point of view, the sequence followed is like this. Outbound Traffic: Host App Data -> Firewall Filter -> VPN Encryption. Inbound Traffic: VPN Decryption -> Firewall Filter -> Host App. Commented Oct 3, 2023 at 16:34
  • I may be misunderstanding: Do you mean a loop from the computer to itself? It might be better to add a schema of this circuit to your post. Commented Oct 3, 2023 at 16:36
  • Added the schema link. Commented Oct 3, 2023 at 17:00
  • If I'm still not misunderstanding, this seems like a normal circuit where VPN packets are sent in each direction through two firewalls (client & server). Commented Oct 3, 2023 at 17:07
  • Actually, my impression from information I read on the internet is that Windows Firewall first does the filtering, then the VPN packets are decrypted. Commented Oct 3, 2023 at 17:32
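As an added example, not from the question, the answer, or either of their authors, this is what the "configure both natively on the Windows host" option looks like when done with the built-in NetSecurity cmdlets (Windows Defender Firewall with Advanced Security). It creates a connection security rule that requires IPsec for all traffic to the log server, and a firewall rule that allows the log-forwarding port only when the connection is IPsec-authenticated and encrypted. Because the firewall rule matches on the cleartext addresses and port (the inner packet), filtering is decided on the unencrypted traffic, and IPsec protection is then enforced as a condition of that rule. The log server address (192.0.2.10, documentation range), the port (TCP 514), and the CA name are placeholders I chose, not values from the question.

```powershell
# Added example (not from the question or the answer): Windows-host side of an
# IPsec-protected log-forwarding path, using the NetSecurity module cmdlets.
# Placeholders (assumptions, not from the original post):
#   log server      = 192.0.2.10
#   log port        = TCP 514
#   machine cert CA = "CN=Example Internal CA"

# 1. Phase 1 (main mode) authentication: machine certificate issued by the internal CA.
$p1Proposal = New-NetIPsecAuthProposal -Machine -Cert `
    -Authority "CN=Example Internal CA" -AuthorityType Root
New-NetIPsecPhase1AuthSet -Name "LogFwd-Phase1" -DisplayName "Log forwarding: phase 1 auth" `
    -Proposal $p1Proposal | Out-Null

# 2. Connection security rule: require IPsec (transport mode) in both directions
#    for any traffic exchanged with the log server.
New-NetIPsecRule -DisplayName "LogFwd-RequireIPsec" `
    -RemoteAddress 192.0.2.10 `
    -InboundSecurity Require -OutboundSecurity Require `
    -Mode Transport `
    -Phase1AuthSet "LogFwd-Phase1" | Out-Null

# 3. Firewall rule: allow only the log port to the log server, and only when the
#    connection is IPsec-authenticated and encrypted. The match is on the cleartext
#    5-tuple, so the filtering decision is made on the inner (unencapsulated) traffic.
New-NetFirewallRule -DisplayName "LogFwd-Allow-TCP514-IPsecOnly" `
    -Direction Outbound -Action Allow `
    -Protocol TCP -RemotePort 514 -RemoteAddress 192.0.2.10 `
    -Authentication Required -Encryption Required | Out-Null

# 4. Verification: once the first log packet has been sent, main-mode and quick-mode
#    security associations should exist for the log server. If they are absent while
#    the rule in step 3 is in place, the traffic is being blocked rather than sent in clear.
Get-NetIPsecMainModeSA  | Where-Object { $_.RemoteEndpoint -eq "192.0.2.10" }
Get-NetIPsecQuickModeSA | Where-Object { $_.RemoteEndpoint -eq "192.0.2.10" }
```

Run in an elevated PowerShell session on the Win11 host; the log server needs a matching connection security rule and a machine certificate from the same CA, otherwise the IPsec negotiation fails and, with `-Authentication Required` on the firewall rule, no log traffic leaves the host at all. That fail-closed behaviour is the point of tying the allow rule to IPsec rather than relying on a separate plain allow rule.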
