{"id":400,"date":"2022-04-05T09:16:30","date_gmt":"2022-04-05T02:16:30","guid":{"rendered":"http:\/\/congdong.longvan.net\/?p=400"},"modified":"2022-04-13T16:28:14","modified_gmt":"2022-04-13T09:28:14","slug":"windows-firewall-va-huong-dan-cau-hinh","status":"publish","type":"post","link":"https:\/\/longvan.net\/cong-dong\/windows-firewall-va-huong-dan-cau-hinh\/","title":{"rendered":"Windows Firewall v\u00e0 h\u01b0\u1edbng d\u1eabn c\u1ea5u h\u00ecnh"},"content":{"rendered":"
\n
I.Network Profile<\/h5>\n
    \n
  1. Network Profile<\/strong>:\n
      \n
    • Network Profile \u0111\u01b0\u1ee3c g\u00e1n tr\u00ean Card m\u1ea1ng.<\/li>\n
    • Trong windows server c\u00f3 3 lo\u1ea1i network profile, v\u1edbi m\u1ed7i lo\u1ea1i network profile s\u1ebd c\u00f3 ch\u00ednh s\u00e1ch b\u1ea3o v\u1ec7 kh\u00e1c nhau. Bao g\u1ed3m:\n
        \n
      • Private<\/strong> – network n\u1ed9i b\u1ed9, c\u00f3 m\u1ee9c \u0111\u1ed9 an to\u00e0n cao. V\u1edbi lo\u1ea1i profile network n\u00e0y, server c\u00f3 th\u1ec3 scan c\u00e1c thi\u1ebft b\u1ecb kh\u00e1c trong m\u1ea1ng LAN, c\u0169ng nh\u01b0 chia s\u1ebd file.<\/li>\n
      • Public<\/strong> – network kh\u00f4ng \u0111\u00e1ng tin c\u1eady. Server \u1edf ch\u1ebf \u0111\u1ed9 n\u00e0y s\u1ebd \u1ea9n \u0111\u1ed1i v\u1edbi c\u00e1c thi\u1ebft b\u1ecb kh\u00e1c. Server c\u0169ng kh\u00f4ng th\u1ec3 chia s\u1ebd file. Trong tr\u01b0\u1eddng h\u1ee3p c\u00e1c d\u1ecbch v\u1ee5 Server c\u1ee7a Long V\u00e2n, card m\u1ea1ng public n\u00ean \u0111\u01b0\u1ee3c g\u00e1n lo\u1ea1i profile n\u00e0y \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n.<\/li>\n
      • Domain<\/strong> – server l\u00e0 m\u1ed9t th\u00e0nh ph\u1ea7n trong m\u1ed9t Active Directory domain. Server s\u1ebd t\u1ef1 \u0111\u1ed9ng chuy\u1ec3n sang profile n\u00e0y khi server join domain. C\u00f3 th\u1ec3 s\u1eed d\u1ee5ng Group Policy \u0111\u1ec3 c\u1ea5u h\u00ecnh khi card m\u1ea1ng \u0111\u01b0\u1ee3c g\u00e1n \u1edf Profile n\u00e0y.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
      • Ki\u1ec3m tra network profile<\/strong> – c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng m\u1ed9t trong 2 c\u00e1ch sau:\n
          \n
        • Control Panel –> Network and Sharing Center.<\/li>\n
        • M\u1edf powershell v\u00e0 g\u00f5 l\u1ec7nh:Get-NetConnectionProfile
          \n<\/em><\/em>\"image-1634102773450.png\"<\/li>\n<\/ul>\n<\/li>\n
        • Chuy\u1ec3n \u0111\u1ed5i network profile c\u1ee7a card m\u1ea1ng – \u0111\u1ec3 thay \u0111\u1ed5i profile network c\u00f3 th\u1ec3 ti\u1ebfn h\u00e0nh c\u00e1c b\u01b0\u1edbc nh\u01b0 sau:\n
            \n
          • M\u1edf powershell.<\/li>\n
          • G\u00f5 l\u1ec7nh Get-NetConnectionProfile<\/em> \u0111\u1ec3 l\u1ea5y th\u00f4ng tin network profile hi\u1ec7n t\u1ea1i, \u0111\u1ed3ng th\u1eddi l\u1ea5y InterfaceIndex<\/em> c\u1ee7a card m\u1ea1ng c\u1ea7n thay \u0111\u1ed5i.<\/li>\n
          • S\u1eed d\u1ee5ng l\u00eanh sau \u0111\u1ec3 thay \u0111\u1ed5i:Set-NetConnectionProfile -InterfaceIndex [id]<\/strong> -NetworkCategory [Private|Public]
            \n<\/strong><\/em>v\u1edbi id l\u00e0 InterfaceIndex \u0111\u00e3 c\u00f3 \u1edf b\u01b0\u1edbc 2<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n
            II. Firewall<\/h5>\n
              \n
            1. Ki\u1ec3m tra tr\u1ea1ng th\u00e1i.<\/strong>\n
                \n
              • M\u1edf c\u1eeda s\u1ed5 Run.<\/li>\n
              • Nh\u1eadp “control firewall.cpl<\/em>” v\u00e0 nh\u1ea5n enter \u0111\u1ec3 truy c\u1eadp Firewall.<\/li>\n
              • Trong m\u1ed7i Network profile, tr\u1ea1ng th\u00e1i firewall s\u1ebd hi\u1ec3n th\u1ecb \u1edf d\u00f2ng “Windows Firewall State”. Ho\u1eb7c c\u00f3 th\u1ec3 theo d\u00f5i d\u1ef1a v\u00e0o m\u00e0u s\u1eafc c\u1ee7a Nerwork Profile (Xanh l\u00e1: firewall enable, \u0110\u1ecf: firewall disable)
                \n\"image-1634102953442.png\"<\/li>\n
              • C\u00e1c c\u00f4ng c\u1ee5 ch\u00ednh tr\u00ean giao di\u1ec7n Windows Firewall, bao g\u1ed3m:\n
                  \n
                • Turn Windows Firewall on or off<\/strong> : b\u1eadt t\u1eaft window firewall<\/li>\n
                • Advanced settings<\/strong> : c\u1ea5u h\u00ecnh chi ti\u1ebft c\u00e1c rule tr\u00ean firewall.<\/li>\n
                • Restore default<\/strong> : reset l\u1ea1i c\u1ea5u h\u00ecnh m\u1eb7c \u0111\u1ecbnh ban \u0111\u1ea7u c\u1ee7a firewall.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
                • \u0110\u1ecbnh h\u01b0\u1edbng c\u1ea5u hinh<\/strong>.\n
                    \n
                  • C\u1ea5u h\u00ecnh enable Firewall.<\/li>\n
                  • Disable to\u00e0n b\u1ed9 nh\u1eefng rule c\u00f3 s\u1eb3n trong Windows Firewall with Advanced Security on Local Computer –> Inbound Rules.<\/li>\n
                  • Ch\u1ec9 c\u1ea5u h\u00ecnh cho ph\u00e9p truy c\u1eadp v\u1edbi c\u00e1c port v\u00e0 ip x\u00e1c \u0111\u1ecbnh.<\/li>\n<\/ul>\n<\/li>\n
                  • M\u1edf port<\/strong>.\n
                      \n
                    • Truy c\u1eadp Windows Firewall.<\/li>\n
                    • Trong Windows Firewall with Advanced Security<\/strong>, m\u1ee5c Inbound Rules<\/strong>, c\u1ed9t Action<\/strong>, ch\u1ecdn New Rules<\/strong> … \u0111\u1ec3 t\u1ea1o m\u1edbi m\u1ed9t Rule<\/li>\n
                    • C\u1eeda s\u1ed5 New Inbound Rule Wizard<\/strong>, ch\u1ecdn Custom<\/strong> \u0111\u1ec3 thi\u1ebft l\u1eadp chi ti\u1ebft Rule. C\u00f3 th\u1ec3 ch\u1ecdn Port<\/strong> \u0111\u1ec3 thi\u1ebft l\u1eadp m\u1edf port nhanh v\u00e0 \u0111\u01a1n gi\u1ea3n h\u01a1n.
                      \n\"image-1635490593841.png\"<\/li>\n
                    • M\u1ee5c Program<\/strong>, ch\u1ecdn All program.<\/strong> Nh\u1ea5n Next<\/strong> \u0111\u1ec3 ti\u1ebfp t\u1ee5c.<\/li>\n
                    • M\u1ee5c Protocol and Ports<\/strong>, ch\u1ecdn giao th\u1ee9c (TCP, UDP, ICMP, …) v\u00e0 thi\u1ebft l\u1eadp Local port<\/strong> – port mu\u1ed1n m\u1edf cho d\u1ecbch v\u1ee5 ch\u1ea1y tr\u00ean server (Web: 80, 443, MSSQL: 1433,…). Nh\u1ea5n Next<\/strong> \u0111\u1ec3 ti\u1ebfp t\u1ee5c.
                      \n\"image-1635490796960.png\"<\/p>\n
                        \n
                      • Remote port<\/strong> l\u00e0 port m\u00e0 Client s\u1eed d\u1ee5ng \u0111\u1ec3 k\u1ebft n\u1ed1i \u0111\u1ebfn server, th\u00f4ng th\u01b0\u1eddng client s\u1ebd s\u1eed d\u1ee5ng c\u00e1c port random \u0111\u1ec3 k\u1ebft n\u1ed1i \u0111\u1ebfn, n\u00ean s\u1ebd set All port cho t\u00f9y ch\u1ecdn n\u00e0y.<\/li>\n<\/ul>\n<\/li>\n
                      • M\u1ee5c Scope<\/strong>, sec ch\u1ecdn nh\u1eefng IP ho\u1eb7c d\u00e3y IP \u0111\u01b0\u1ee3c ph\u00e9p truy c\u1eadp v\u00e0o d\u1ecbch v\u1ee5.
                        \n\"image-1635491038850.png\"<\/p>\n
                          \n
                        • Local IP<\/strong> – l\u00e0 IP tr\u00ean server. Th\u00f4ng th\u01b0\u1eddng ch\u1ecdn Any IP address<\/strong> – \u0111\u1ec3 c\u1ea5u h\u00ecnh cho ph\u00e9p truy c\u1eadp v\u00e0o t\u1ea5t c\u1ea3 IP tr\u00ean server. Trong tr\u01b0\u1eddng h\u1ee3p ch\u1ec9 m\u1edf d\u1ecbch v\u1ee5 \u1edf m\u1ed9t IP n\u00e0o \u0111\u00f3 th\u00ec ch\u1ecdn These IP address<\/strong> v\u00e0 nh\u1eadp IP c\u1ee5 th\u1ec3.<\/li>\n
                        • Remote IP<\/strong> – l\u00e0 IP c\u1ee7a client k\u1ebft n\u1ed1i \u0111\u1ebfn. Trong tr\u01b0\u1eddng h\u1ee3p ch\u1ec9 cho ph\u00e9p m\u1ed9t ho\u1eb7c m\u1ed9t s\u1ed1 IP truy c\u1eadp dich v\u1ee5, ch\u1ecdn These IP address<\/strong> v\u00e0 nh\u1eadp IP ho\u1eb7c range IP c\u1ee5 th\u1ec3.<\/li>\n<\/ul>\n<\/li>\n
                        • M\u1ee5c Action<\/strong>, ch\u1ecdn Allow Connection<\/strong>. Nh\u1ea5n Next<\/strong> \u0111\u1ec3 ti\u1ebfp t\u1ee5c.
                          \n\"image-1635491369863.png\"<\/li>\n
                        • M\u1ee5c Profile<\/strong>, l\u1ef1a ch\u1ecdn profile t\u01b0\u01a1ng \u1ee9ng \u0111\u00e3 thi\u1ebft l\u1eadp \u1edf Card m\u1ea1ng (m\u1ee5c I). C\u00f3 th\u1ec3 ch\u1ecdn t\u1ea5t c\u1ea3. Nh\u1ea5n Next<\/strong> \u0111\u1ec3 ti\u1ebfp t\u1ee5c.<\/li>\n
                        • M\u1ee5c Name<\/strong>, nh\u1eadp T\u00ean c\u1ee7a Rule \u0111ang c\u1ea5u h\u00ecnh. Nh\u1ea5n Finish<\/strong> \u0111\u1ec3 ho\u00e0n th\u00e0nh.<\/li>\n<\/ul>\n<\/li>\n
                        • Ch\u1eb7n truy c\u1eadp d\u1ecbch v\u1ee5 \u0111\u1ed1i v\u1edbi m\u1ed9t s\u1ed1 IP.\n
                            \n
                          • Trong Windows Firewall with Advanced Security<\/strong>, m\u1ee5c Inbound Rules<\/strong>, c\u1ed9t Action<\/strong>, ch\u1ecdn New Rules<\/strong> … \u0111\u1ec3 t\u1ea1o m\u1edbi m\u1ed9t Rule.<\/li>\n
                          • C\u1eeda s\u1ed5 New Inbound Rule Wizard<\/strong>, ch\u1ecdn Custom<\/strong> \u0111\u1ec3 thi\u1ebft l\u1eadp chi ti\u1ebft Rule.<\/li>\n
                          • M\u1ee5c Program<\/strong>, ch\u1ecdn All program.<\/strong> Nh\u1ea5n Next<\/strong> \u0111\u1ec3 ti\u1ebfp t\u1ee5c.<\/li>\n
                          • M\u1ee5c Protocol and Ports<\/strong>, ch\u1ecdn giao th\u1ee9c (TCP, UDP, ICMP, …) v\u00e0 thi\u1ebft l\u1eadp Local port.
                            \n<\/strong><\/p>\n
                              \n
                            • N\u1ebfu thi\u1ebft l\u1eadp c\u1ea5u h\u00ecnh Local port, s\u1ebd ch\u1eb7n truy c\u1eadp t\u1eeb IP \u0111\u1ebfn port ho\u1eb7c d\u1ecbch v\u1ee5 theo port.<\/li>\n
                            • Ch\u1ecdn Any, t\u1ea5t c\u1ea3 c\u00e1c truy c\u1eadp t\u1eeb IP \u0111\u1ebfn server \u0111\u1ec1u b\u1ecb ch\u1eb7n.<\/li>\n<\/ul>\n<\/li>\n
                            • M\u1ee5c Scope<\/strong>, sec ch\u1ecdn nh\u1eefng IP ho\u1eb7c d\u00e3y IP \u0111\u01b0\u1ee3c c\u1ea7n ch\u1eb7n truy c\u1eadp\n
                                \n
                              • Remote IP<\/strong> – l\u00e0 IP c\u1ee7a client k\u1ebft n\u1ed1i \u0111\u1ebfn. Ch\u1ecdn These IP address<\/strong> v\u00e0 nh\u1eadp IP ho\u1eb7c range IP c\u1ee5 th\u1ec3 c\u1ea7n ch\u1eb7n.<\/li>\n
                              • Local IP<\/strong> – ch\u1ecdn Any IP Address, ho\u1eb7c 1 IP x\u00e1c \u0111\u1ecbnh tr\u00ean server.<\/li>\n<\/ul>\n<\/li>\n
                              • M\u1ee5c Action<\/strong>, ch\u1ecdn Block the connection<\/strong>. Nh\u1ea5n Next<\/strong> \u0111\u1ec3 ti\u1ebfp t\u1ee5c.<\/li>\n
                              • M\u1ee5c Profile<\/strong>, l\u1ef1a ch\u1ecdn profile t\u01b0\u01a1ng \u1ee9ng \u0111\u00e3 thi\u1ebft l\u1eadp \u1edf Card m\u1ea1ng (m\u1ee5c I). C\u00f3 th\u1ec3 ch\u1ecdn t\u1ea5t c\u1ea3. Nh\u1ea5n Next<\/strong> \u0111\u1ec3 ti\u1ebfp t\u1ee5c.<\/li>\n
                              • M\u1ee5c Name<\/strong>, nh\u1eadp T\u00ean c\u1ee7a Rule \u0111ang c\u1ea5u h\u00ecnh. Nh\u1ea5n Finish<\/strong> \u0111\u1ec3 ho\u00e0n th\u00e0nh.<\/li>\n<\/ul>\n<\/li>\n
                              • Backup c\u1ea5u h\u00ecnh: Trong Windows Firewall with Advanced Security,<\/strong> c\u1ed9t Action.<\/strong>\n
                                  \n
                                • Ch\u1ecdn Export Policy \u0111\u1ec3 backup c\u1ea5u h\u00ecnh Windows Firewall.<\/li>\n
                                • Ch\u1ecdn Import Policy \u0111\u1ec3 apply m\u1ed9t file c\u1ea5u h\u00ecnh s\u1eb3n. L\u01b0u \u00fd kh\u00f4ng ti\u1ebfn h\u00e0nh Import c\u1ea5u h\u00ecnh khi \u0111ang remote \u0111\u1ebfn server (ti\u1ec1m \u1ea9n nguy c\u01a1 m\u1ea5t k\u1ebft n\u1ed1i)<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

                                  I.Network Profile Network Profile: Network Profile \u0111\u01b0\u1ee3c g\u00e1n tr\u00ean Card m\u1ea1ng. Trong windows server c\u00f3 3 lo\u1ea1i network profile, v\u1edbi m\u1ed7i lo\u1ea1i network profile s\u1ebd c\u00f3 ch\u00ednh s\u00e1ch b\u1ea3o v\u1ec7 kh\u00e1c nhau. Bao g\u1ed3m: Private – network n\u1ed9i b\u1ed9, c\u00f3 m\u1ee9c \u0111\u1ed9 an to\u00e0n cao. V\u1edbi lo\u1ea1i profile network n\u00e0y, server c\u00f3 th\u1ec3 scan c\u00e1c […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_oasis_is_in_workflow":0,"_oasis_original":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-400","post","type-post","status-publish","format-standard","hentry","category-windows"],"_links":{"self":[{"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/posts\/400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/comments?post=400"}],"version-history":[{"count":5,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/posts\/400\/revisions"}],"predecessor-version":[{"id":489,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/posts\/400\/revisions\/489"}],"wp:attachment":[{"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/media?parent=400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/categories?post=400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/longvan.net\/cong-dong\/wp-json\/wp\/v2\/tags?post=400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}