Windows server firewall domain profile drops outside traffic

Question

I have a Windows Server 2019 with two nic's, one connected to the internet via een router and modem, this nic 2 and has a static ip. The second nic is connected with the internal network.

The server has a RAS role with VPN deployed, sometimes clients can't connect and their IP's a picked op bij the domain profile and dropped. Clients that can connect don't show up in the domain log. It's possible for a client to make a connection and later on the same day, the traffic of the same ip is dropped by the domain firewall. For example (I have changed the ip's):

2020-12-02 20:18:36 DROP TCP 156.96.114.175 92.112.234.127 56089 1723 0 - 0 0 0 - - - RECEIVE
2020-12-02 20:18:39 DROP TCP 156.96.114.175 92.112.234.127 56089 1723 0 - 0 0 0 - - - RECEIVE
2020-12-02 20:18:45 DROP TCP 156.96.114.175 92.112.234.127 56089 1723 0 - 0 0 0 - - - RECEIVE

I can't understand why some ip's show up in the domain firewall and are dropped and some are not, and can make a connection. Can someone point me in de right direction? Thank you very much.

Answer 1

Hi
you should be aware, that in your configuration there are different firewall profiles assigned to inside and outside interfaces. Only the inside interface has the domain profile assigned, the outside has the public profile.