DirectAccess 2012 - Public Profile Blocking Access to Domain Profile

Hi,

Been struggling to find information out about this so I was wondering if anyone has come across it.

My understanding is the public firewall is always the first one to activate. If Windows can detect it's on the domain it is a part of, it will activate the domain profile.

However, I have had to set public profile: block all outgoing connections.

This stops it going into domain profile mode.

I can't find a list of all the specific exception rules I need to add to the public profile in order to allow the right traffic out so it will go into domain profile.

I.e. I don't just want to allow all traffic going to xx IPs. I would rather do process on xx port going to xx IP.

Any ideas?

May 23rd, 2015 3:05am

Hi,

Maybe I shouldn't ask, but why do you want to block all outbound traffic through a public profile?

Anyway, there is just one other thing. Normally with internal network connectivity you are right, when a Domain Controller is detected it will switch to a Domain Profile. But with DirectAccess connectivity, that isn't the case. It will stay Public, or Private if you set that manually. Because in fact it is another (RAS) interface that makes the DirectAccess connection.

And when you want to configure inbound Access Rules for DirectAccess Manage-Out capabilities, you should also use Domain and Private Profiles in those Access Rules.

May 23rd, 2015 5:39pm

Hi,

Maybe I shouldn't ask, but why do you want to block all outbound traffic through a public profile?

Anyway, there is just one other thing. Normally with internal network connectivity you are right, when a Domain Controller is detected it will switch to a Domain Profile. But with DirectAccess connectivity, that isn't the case. It will stay Public (or Private if you set that manually). Because in fact it is another (RAS) interface that makes the DirectAccess connection.

And when you want to configure inbound Access Rules for DirectAccess Manage-Out capabilities, you should also use Public and Private Profiles in those Access Rules.

May 23rd, 2015 9:38pm
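
The following is an added example, not code from any poster in this thread. It shows which profile each interface on a DirectAccess client is actually using and which outbound allow rules apply to the Public profile, then previews a rule scoped to one program, port and address as the question asks. The program path, port and address in step 4 are placeholders, not the set of rules DirectAccess needs.

```powershell
# Added example. Run in an elevated PowerShell session on the client
# (Windows 8 / Server 2012 or later, NetSecurity and NetConnection modules).

# 1. Which firewall profile is each connected interface using?
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity, IPv6Connectivity

# 2. Effective default actions per profile, including Group Policy settings.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 3. Enabled outbound allow rules that apply while an interface is Public,
#    with the program, port and remote address each rule is scoped to.
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound -Enabled True -Action Allow |
    Where-Object { $_.Profile.ToString() -match 'Any|Public' } |
    ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            Program       = $app.Program
            Protocol      = $port.Protocol
            RemotePort    = $port.RemotePort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    } | Sort-Object Rule | Format-Table -AutoSize

# 4. Shape of a narrowly scoped exception: one program, one port, one address.
#    All three values below are placeholders (assumptions).
$rule = @{
    DisplayName   = 'Example - scoped outbound allow (Public)'
    Direction     = 'Outbound'
    Action        = 'Allow'
    Profile       = 'Public'
    Program       = 'C:\Path\To\Program.exe'   # placeholder
    Protocol      = 'TCP'
    RemotePort    = 443                        # placeholder
    RemoteAddress = '203.0.113.10'             # placeholder (documentation range)
}
# -WhatIf previews the rule without creating it; remove it to apply.
New-NetFirewallRule @rule -WhatIf
```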

This topic is archived. No further replies will be accepted.
