Use the settings on this wizard page to specify the computers that can participate in connections created by this connection security rule. The connection security rule applies to communications between any computer in Endpoint 1 and any computer in Endpoint 2. If the local computer has an IP address that is included in one of the endpoint definitions, then it can send and receive network packets through this connection to computers that are listed in the other endpoint.

An endpoint can be a single computer or a group of computers, defined by an IP address, an IP subnet address, an IP address range, or a predefined set of computers identified by role: default gateway, WINS servers, DHCP servers, DNS servers, or local subnet.

The local subnet is the collection of all computers available to this computer, except for any public IP addresses (interfaces). This includes both local area network (LAN) and wireless addresses.

To get to this wizard page
  1. In the Windows Firewall with Advanced Security MMC snap-in, right-click Connection Security Rules, and then click New Rule.

  2. On the Rule Type page, select either Server-to-server or Custom, and then click Next.

Which computers are in Endpoint 1?

Use this section to define the computers that are part of Endpoint 1 and can use this rule to communicate with the computers that are part of Endpoint 2.

Any IP address

Select this option to specify that Endpoint 1 consists of any computer that needs to communicate with a computer in Endpoint 2. Any network traffic to or from a computer in Endpoint 2 matches this rule and is subject to its authentication requirements.

These IP addresses

Select this option to specify the IP addresses of the computers that make up Endpoint 1. Click Add or Edit to display the IP Addresses dialog box to create or modify your entries.

Customize the interface types to which this rule applies

Click Customize to display the Customize Interface Types dialog box to select the network adapter types to which this rule applies. The default is to apply this rule to all network adapters of any type.

Which computers are in Endpoint 2?

Use this section to define the computers that are part of Endpoint 2 and can use this rule to communicate with the computers that are part of Endpoint 1.

Any IP address

Select this option to specify that Endpoint 2 consists of any computer that needs to communicate with a computer in Endpoint 1. Any network traffic to or from a computer in Endpoint 1 matches this rule and is subject to its authentication requirements.

These IP addresses

Select this option to specify the IP addresses of the computers that make up Endpoint 2. Click Add or Edit to display the IP Addresses dialog box to create or modify your entries.

How to change these settings

After you create the connection security rule, you can change these settings in the Connection Security Rule Properties dialog box. This dialog box opens when you double-click a rule in Connection Security Rules. To change the computers that are in Endpoint 1 or Endpoint 2, click the Computers tab. To change the interface types to which this rule applies, click the Advanced tab, and then under Interface types, click Customize.
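
The endpoint and interface type settings described on this page can also be scripted and then read back for review. The following PowerShell is an added example, not part of the original page; the rule name and all addresses are constructed, and it assumes that `-LocalAddress` holds Endpoint 1 and `-RemoteAddress` holds Endpoint 2.

```powershell
# Added example. Run in an elevated PowerShell session (NetSecurity module).
# The rule name and addresses are constructed (RFC 5737 documentation ranges).
$ruleName = 'Example - Endpoint scoping'   # hypothetical rule name

# Endpoint 1: an IP subnet plus a single computer.
$endpoint1 = '192.0.2.0/24', '198.51.100.5'
# Endpoint 2: an IP address range plus the predefined "DNS servers" set.
$endpoint2 = '198.51.100.10-198.51.100.20', 'DNS'

# Create the rule disabled so it can be reviewed before it affects traffic.
# -InterfaceType corresponds to the "Customize interface types" setting.
New-NetIPsecRule -DisplayName $ruleName `
    -LocalAddress $endpoint1 `
    -RemoteAddress $endpoint2 `
    -InterfaceType Wired `
    -InboundSecurity Require `
    -OutboundSecurity Request `
    -Enabled False | Out-Null

# Read back every connection security rule in the local store and show
# how its endpoints are scoped. A rule with "Any" on both endpoints applies
# its authentication requirements to all IP traffic, so flag it for review.
$report = Get-NetIPsecRule | ForEach-Object {
    $addr   = $_ | Get-NetFirewallAddressFilter
    $ifType = $_ | Get-NetFirewallInterfaceTypeFilter

    $e1 = @($addr.LocalAddress)
    $e2 = @($addr.RemoteAddress)

    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Endpoint1     = $e1 -join ', '
        Endpoint2     = $e2 -join ', '
        InterfaceType = $ifType.InterfaceType
        BothAny       = ($e1 -contains 'Any') -and ($e2 -contains 'Any')
    }
}

$report | Sort-Object BothAny -Descending | Format-Table -AutoSize

# Remove the constructed example rule when finished:
# Remove-NetIPsecRule -DisplayName $ruleName
```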
