Hi, I currently am running Windows Essentials 2016 with the built in VPN and remote web access feature. My insurance company is saying I don't meet compliance because port 443 is open to the public. How do I make this port or feature secure? I can close the port but then remote access won't work. I have tired creating a rule in Windows Firewall to only allow certain IP addresses but that doesn't seem to work. When I add a remote IP address to allow, it allows all to access again. Any ideas? Thank you.
Perhaps you should do 2 things block port 80/443 and get a firewall with OpenVPN or IPSec VPN, and or or add 2FA to all workstations and servers such as Duo this is what I have done for all my sites.
You have found that there is no future for Windows Server Essentials 2016 as it is. What you can do is put a Firewall in front of the WSE and let that handle VPN + MFA.
Are you suggesting a hardware firewall? Any suggestions? Is there any way to only allow a specific external IP to access port 443?
Yes, a hardware firewall. Something like https://www.sonicwall.com/products/firewalls/entry-level/ but you need to ask for advice on this. Most important is that the device can do MFA and has an Ldap connector so you can use your AD for username & password.
If you want to allow only specific IP addresses to be able to connect on your Windows Server Essentials 2016 you need to edit the Firewall on the server. It is better to add the external hardware firewall and allow for VPN + MFA. Once connected you can then connect to anything in your Lan.
Your browser doesn't have Flash, Silverlight or HTML5 support.