11

On Windows Firewall, under an individual rule, the Scope tab allows you to define which IPs are subject to the rule. One of the built-in options is "Local subnet".

How can you add an additional subnet to this for Windows to understand it is a trusted network segment?

Windows Firewall Scope tab

My question directly pertains to what Windows (or domain) settings can be applied to add subnets directly to that predefined group "Local subnet".

Chris Marisic

2 Answers

9

Local subnets is a special address group defined exclusively by the subnets of the NICs attached to the computer. You can't specify what goes in the group manually.

Chris S
  • 1
    Well, that's amazingly short-sighted of Microsoft. – Chris Marisic Feb 17 '12 at 14:10
  • 4
    Not really... It's reliable, you know it will always and only contain those subnets. If you want to add other subnets, it's pretty easy, and can be done through GPO. I'm not sure why you think it's necessary to hide your subnets in a built-in group. – Chris S Feb 17 '12 at 14:46
  • 3
    What kinds of subnets are considered to be part of Local subnets? – CMCDragonkai Feb 03 '17 at 04:55
  • 2
    @CMCDragonkai Chris explained what's in Local Subnet (no s): It's the subnet of the directly connected NICs. But it would be nice if other subnets could be added. For example, we have a subnet for VPN users and we have to manually add this subnet to every firewall rule on the Windows servers. This wouldn't be so bad, but Windows breaks several services out into several entries (there are 9 entries for File and Printer Sharing). If I could tell the firewall that I consider both 10.0.0.0/16 and 10.10.0.0/16 to be "local" then I could do 1 edit instead of 30. – bobpaul Nov 14 '19 at 05:17
1

I think you can do, for example, 192.168.0.0/16 to block or allow any addresses originating from the 192.168.x.x subnet.

Charles
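Since the "Local subnet" group itself cannot be extended, the practical route is the one described in the answers and comments above: add the extra range to each rule's scope. The following is an added example, not code from any poster on this page; the function name is hypothetical and the 10.10.0.0/16 range is taken from the comment above as a sample value. It only touches inbound rules whose remote scope is exactly `LocalSubnet` and reports rules that already have a custom scope instead of overwriting them.

```powershell
# Added example: append trusted subnets to rules currently scoped to "Local subnet".
# The function name is illustrative; run from an elevated PowerShell session.
function Add-TrustedSubnetToLocalSubnetRules {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $DisplayGroup,  # e.g. 'File and Printer Sharing'
        [Parameter(Mandatory)] [string[]] $ExtraSubnet    # e.g. '10.10.0.0/16'
    )

    $rules = Get-NetFirewallRule -DisplayGroup $DisplayGroup |
        Where-Object Direction -eq 'Inbound'

    foreach ($rule in $rules) {
        # The Scope tab's remote addresses live on the rule's address filter.
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)

        if ($remote.Count -eq 1 -and $remote[0] -eq 'LocalSubnet') {
            # Keep the built-in keyword and add the extra ranges next to it.
            $newScope = @('LocalSubnet') + $ExtraSubnet
            $action   = "Set RemoteAddress to $($newScope -join ', ')"
            if ($PSCmdlet.ShouldProcess($rule.DisplayName, $action)) {
                $rule | Set-NetFirewallRule -RemoteAddress $newScope
            }
        }
        elseif ($remote -contains 'LocalSubnet') {
            # Someone already customised this scope; report it rather than replace it.
            Write-Warning "$($rule.DisplayName): scope '$($remote -join ', ')' left unchanged"
        }
    }
}

# Preview the changes first; drop -WhatIf to apply them.
Add-TrustedSubnetToLocalSubnetRules -DisplayGroup 'File and Printer Sharing' `
    -ExtraSubnet '10.10.0.0/16' -WhatIf
```

Because a rule is skipped once its scope is no longer exactly `LocalSubnet`, re-running the function does not stack duplicate entries.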