This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 20%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPF%3C/text%3E%3C/svg%3E)
Dear all,
I would like to limit the traffic that the Edge browser in WDAG (Windows Defender Application Guard) can initiate (outbound). The idea is to prevent access to internal network addresses in cases where the WDAG container gets taken over. Therefore I would like to prevent access to local sites.
How can I achieve this? How can I define firewall rules for the WDAG traffic?
Furthermore, is it possible to change the routing of the WDAG traffic e.g. to go via a second network adapter (VPN or physical)?
Thanks!
Peter
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
You may define Network Boundry, and the policy is located on Computer Configuration\Administrative Templates\Network\Network Isolation.
Have a look at:
https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard
