Configure domain member client hosted cache mode firewall rules

Updated: October 7, 2009

Applies To: Windows 7, Windows Server 2008 R2

When you configure BranchCache in hosted cache mode, BranchCache client computers use the Hypertext Transfer Protocol (HTTP) and HTTP Secure (HTTPS) for data transfer with other client computers. You can use this procedure to configure client firewall inbound and outbound rules to allow HTTP and HTTPS traffic on client computers that are configured for hosted cache mode.

Note

The HTTP inbound and outbound firewall rules that are created with this procedure have the following settings: TCP port 80. The HTTPS outbound firewall exception created with this procedure has the following setting: TCP port 443.

Membership in Domain Admins, or equivalent, is the minimum required to perform this procedure.

To configure hosted cache mode client firewall exceptions

  1. On a computer upon which the Active Directory Domain Services server role is installed, click Start, click Administrative Tools, and click Group Policy Management. The Group Policy Management console opens.

  2. In the Group Policy Management console, expand the following path: Forest: example.com, Domains, example.com, Group Policy Objects, where example.com is the name of the domain where the BranchCache client computer accounts that you want to configure are located.

  3. In the Group Policy Management console, ensure that Group Policy Objects is selected, and in the details pane right-click the BranchCache client computers GPO that you created previously. For example, if you named your GPO BranchCache Client Computers, right-click BranchCache Client Computers. Click Edit. The Group Policy Management Editor console opens.

  4. In the Group Policy Management Editor console, expand the following path: Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security, Windows Firewall with Advanced Security – LDAP…, Inbound Rules.

  5. Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard opens.

  6. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache – Content Retrieval (Uses HTTP). Click Next.

  7. In Predefined Rules, click Next.

  8. In Action, ensure that Allow the connection is selected, and then click Finish.

Important

You must select Allow the connection for the BranchCache client to be able to receive traffic on this port.

  9. In the Group Policy Management Editor console, right-click Outbound Rules, and then click New Rule. The New Outbound Rule Wizard opens.

  10. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache – Content Retrieval (Uses HTTP). Click Next.

  11. In Predefined Rules, click Next.

  12. In Action, ensure that Allow the connection is selected, and then click Finish.

Important

You must select Allow the connection for the BranchCache client to be able to send traffic on this port.

  13. In the Group Policy Management Editor console, right-click Outbound Rules, and then click New Rule. The New Outbound Rule Wizard opens.

  14. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache – Hosted Cache Client (Uses HTTPS). Click Next.

  15. In Predefined Rules, click Next.

  16. In Action, ensure that Allow the connection is selected, and then click Finish.

Important

You must select Allow the connection for the BranchCache client to be able to send traffic on this port.
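
To confirm on a client computer that the GPO delivered the three rules with Allow the connection selected, the following added example (not part of the original Microsoft procedure) parses the pipe-delimited rule strings that Group Policy writes to the client registry under HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules. It assumes that the inbound rule matches on local port and the outbound rules on remote port; the function names and the sample rule strings are constructed for illustration.

```powershell
# Added example, not Microsoft's code. Checks policy-delivered firewall rule strings
# against the settings in the Note above: TCP 80 in and out, TCP 443 out.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

function ConvertFrom-FwRuleString([string]$Rule) {
    # "v2.10|Action=Allow|Dir=In|LPort=80|..." becomes key -> array of values,
    # because a key such as LPort may appear more than once in one rule.
    $parsed = @{}
    foreach ($token in $Rule.Split('|')) {
        $kv = $token.Split('=', 2)
        if ($kv.Count -eq 2) {
            if (-not $parsed.ContainsKey($kv[0])) { $parsed[$kv[0]] = @() }
            $parsed[$kv[0]] += $kv[1]
        }
    }
    return $parsed
}

function Test-BranchCacheRules([string[]]$RuleStrings) {
    # Assumption: inbound rules carry the port in LPort, outbound rules in RPort.
    $expected = @(
        @{ Label = 'HTTP inbound';   Dir = 'In';  PortKey = 'LPort'; Port = '80'  },
        @{ Label = 'HTTP outbound';  Dir = 'Out'; PortKey = 'RPort'; Port = '80'  },
        @{ Label = 'HTTPS outbound'; Dir = 'Out'; PortKey = 'RPort'; Port = '443' }
    )
    $rules = @($RuleStrings | ForEach-Object { ConvertFrom-FwRuleString $_ })
    foreach ($e in $expected) {
        # Protocol 6 is TCP; the rule must be both active and set to Allow.
        $hit = @($rules | Where-Object {
            $_['Dir'] -contains $e.Dir -and $_['Protocol'] -contains '6' -and
            $_[$e.PortKey] -contains $e.Port -and
            $_['Action'] -contains 'Allow' -and $_['Active'] -contains 'TRUE'
        })
        New-Object PSObject -Property @{ Rule = $e.Label; Present = ($hit.Count -gt 0) }
    }
}

# Constructed sample strings (not captured from a real client); the third one is
# deliberately set to Block, the mistake the Important notes warn about.
$sample = @(
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|Name=Sample HTTP-In|',
    'v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|Name=Sample HTTP-Out|',
    'v2.10|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=443|Name=Sample HTTPS-Out|'
)
Test-BranchCacheRules $sample

# On a client, after Group Policy has refreshed, check the delivered rules instead.
if (Test-Path $PolicyKey) {
    $key = Get-Item $PolicyKey
    Test-BranchCacheRules @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
}
```

The check matches on direction, protocol and port only, so a row that reports Present as true can also be satisfied by an unrelated policy rule with the same settings.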