Another Windows 7 Firewall Question

OK, so I have a Win7 Pro machine here that connects to the local network (home) as well as remotely via VPN using the native Win7 VPN connection. I am going to lay out two scenarios, and I'm hoping both are possible... one is ideal and one is easily workable for me.

Ideal - I have two programs that need to route through the VPN and only the VPN. I want to block these programs from accessing the internet outbound through the home network completely and connect only through the VPN when it is active. This will apply to all ports. The rest of the applications can connect to the internet through the home network and other local network resources to maximize speed and minimize sharing issues.

Workable - Same as above, but would need to route ALL outbound internet traffic through the VPN and completely refuse any connection to the internet outbound from the home network. The only exception would be for file sharing, which I'll need to have access to the home network for.

Is this doable with the stock Win7 VPN client and Windows Firewall? If so, can you explain how?
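Added example, not posted by anyone in this thread: the "Ideal" scenario done with the stock tools the question asks about, i.e. the native Win7 VPN connection plus Windows Firewall driven through netsh advfirewall (which ships with Windows 7; the New-NetFirewallRule cmdlets only arrive with Windows 8). The two program paths are assumptions, substitute your own. The rules key on the interface type the packets leave through rather than on destination addresses, so it does not matter where the programs' traffic is addressed once it is inside the tunnel.

```batch
@echo off
rem Added example, not from the thread: pin two programs to the VPN with the
rem stock Windows 7 firewall (netsh advfirewall ships with Win7). Run from an
rem elevated Command Prompt. The two .exe paths below are assumptions.
setlocal

rem Windows Firewall evaluates block rules ahead of allow rules and ahead of the
rem default outbound-allow policy, so a block rule scoped to the "lan" and
rem "wireless" interface types leaves only "ras" (Remote Access, which is what
rem the native Win7 VPN connection is) as an exit for the program. With the VPN
rem disconnected the program has no path out at all; nothing falls back to the
rem home connection. Destination addresses are irrelevant here, so remoteip=any.

for %%P in ("C:\Program Files\ExampleApp\app.exe" "C:\Program Files\OtherApp\other.exe") do (
    netsh advfirewall firewall add rule name="VPN-only %%~nP block lan" dir=out action=block enable=yes profile=any protocol=any remoteip=any interfacetype=lan program=%%P
    netsh advfirewall firewall add rule name="VPN-only %%~nP block wireless" dir=out action=block enable=yes profile=any protocol=any remoteip=any interfacetype=wireless program=%%P
    netsh advfirewall firewall show rule name="VPN-only %%~nP block lan"
    netsh advfirewall firewall show rule name="VPN-only %%~nP block wireless"
)

rem Functional check: with the VPN disconnected the two programs must fail to
rem connect anywhere; reconnect the VPN and they work again. To remove a rule:
rem   netsh advfirewall firewall delete rule name="VPN-only app block lan"
endlocal
```

The rules show up under Outbound Rules in Windows Firewall with Advanced Security, where the interface-type scoping sits on the rule's Advanced tab, so they can be checked or edited there afterwards. Two caveats for the "Workable" scenario: the VPN's own outer packets to the VPN server leave over the home connection too, so a program=any block on lan/wireless would kill the tunnel unless its remoteip= list spells out every address range except the home subnet (needed for file sharing) and the VPN server address, since a block rule always beats an allow rule; and the connection's IPv4 Advanced setting "Use default gateway on remote network" (the default) has to stay ticked so that everything else routes through the tunnel while it is up.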

It can absolutely be done. It's a headache and a pain to configure without 3rd-party help, though.

Have a look at this:

Windows 7 Firewall Control : Sphinx Software

If you don't really dig that after trying it out, you really should use ZoneAlarm to do what you want to accomplish.

I have a copy of ZoneAlarm. Can you explain how to create the rules for that? I've toyed with it for hours not being able to get it just right.


First, go to Firewall, then the Zones tab.

Make sure your network adapter (the line with entry type=network) is in the Internet zone, not Trusted.
If you have other machines on your local LAN, you can add their addresses or machine names and assign them to the Trusted zone here.
Localhost should also be assigned to Trusted.
Add the VPN server IP address here and assign it to the Trusted zone also.


Now go to the Program Control part of the software, then the Programs tab.

For the two programs you'd like to connect only through the VPN, make sure that only the Access/Trusted column has a green check. Make sure Access/Internet has a red X and also that the two Server columns have a red X.

Set up like this, it will be impossible for those two programs to do any networking at all except to the Trusted zone... and you already added the VPN server to this, which is great.


If you need any other help with configuring, not a problem...
