Configure domain member client distributed cache mode firewall rules

Updated: October 7, 2009

Applies To: Windows 7, Windows Server 2008 R2

When you configure BranchCache in distributed cache mode, BranchCache client computers use the Hypertext Transfer Protocol (HTTP) for data transfer with other client computers. BranchCache client computers also use the Web Services Dynamic Discovery (WS-Discovery) protocol when they attempt to discover content on client cache servers. You can use this procedure to configure client firewall exceptions to allow incoming HTTP and WS-Discovery traffic on client computers that are configured for distributed cache mode.

Note

The HTTP inbound and outbound firewall exceptions created with this procedure have the following settings: TCP port 80. The WS-Discovery inbound and outbound firewall exceptions created with this procedure have the following settings: UDP port 3702.

Membership in Domain Admins, or equivalent, is the minimum required to perform this procedure.

To configure distributed cache mode client firewall exceptions

  1. On a computer upon which the Active Directory Domain Services server role is installed, click Start, click Administrative Tools, and click Group Policy Management. The Group Policy Management console opens.

  2. In the Group Policy Management console, expand the following path: Forest: example.com, Domains, example.com, Group Policy Objects, where example.com is the name of the domain where the BranchCache client computer accounts that you want to configure are located.

  3. In the Group Policy Management console, ensure that Group Policy Objects is selected, and in the details pane right-click the BranchCache client computers GPO that you created previously. For example, if you named your GPO BranchCache Client Computers, right-click BranchCache Client Computers. Click Edit. The Group Policy Management Editor console opens.

  4. In the Group Policy Management Editor console, expand the following path: Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security, Windows Firewall with Advanced Security – LDAP…, Inbound Rules.

  5. Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard opens.

  6. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache – Content Retrieval (Uses HTTP). Click Next.

  7. In Predefined Rules, click Next.

  8. In Action, ensure that Allow the connection is selected, and then click Finish.

Important

You must select Allow the connection for the BranchCache client to be able to receive traffic on this port.

  9. To create the WS-Discovery firewall exception, again right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard opens.

  10. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache – Peer Discovery (Uses WSD). Click Next.

  11. In Predefined Rules, click Next.

  12. In Action, ensure that Allow the connection is selected, and then click Finish.

Important

You must select Allow the connection for the BranchCache client to be able to receive traffic on this port.

  13. In the Group Policy Management Editor console, right-click Outbound Rules, and then click New Rule. The New Outbound Rule Wizard opens.

  14. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache – Content Retrieval (Uses HTTP). Click Next.

  15. In Predefined Rules, click Next.

  16. In Action, ensure that Allow the connection is selected, and then click Finish.

Important

You must select Allow the connection for the BranchCache client to be able to send traffic on this port.

  17. To create the WS-Discovery firewall exception, again right-click Outbound Rules, and then click New Rule. The New Outbound Rule Wizard opens.

  18. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache – Peer Discovery (Uses WSD). Click Next.

  19. In Predefined Rules, click Next.

  20. In Action, ensure that Allow the connection is selected, and then click Finish.

Important

You must select Allow the connection for the BranchCache client to be able to send traffic on this port.
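
After the GPO has applied, the four exceptions can be checked on a client computer. The following script is an added example, not part of the original procedure. It assumes that Group Policy stores each firewall rule as a pipe-delimited string under the policy registry key shown, with the field names used below; the sample rule strings are constructed.

```powershell
# Added example: audit the GPO-delivered firewall rules on a BranchCache client.
# Assumption: Group Policy stores each rule as a pipe-delimited string value
# under this key, e.g. "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|...".
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

# Exceptions listed in the Note: TCP (protocol 6) port 80, UDP (17) port 3702.
$Expected = @(
    @{ Label = 'Content Retrieval (HTTP)'; Protocol = '6';  Port = '80'   },
    @{ Label = 'Peer Discovery (WSD)';     Protocol = '17'; Port = '3702' }
)

function ConvertFrom-RuleString([string]$Raw) {
    # A field such as LPort can repeat, so keep a list of values per field name.
    $fields = @{}
    foreach ($part in $Raw.Split('|')) {
        $kv = $part.Split('=', 2)
        if ($kv.Length -ne 2) { continue }   # skips the version token and empty tail
        if (-not $fields.ContainsKey($kv[0])) { $fields[$kv[0]] = @() }
        $fields[$kv[0]] += $kv[1]
    }
    return $fields
}

function Get-MissingBranchCacheRule([string[]]$RuleStrings) {
    $rules = @($RuleStrings | ForEach-Object { ConvertFrom-RuleString $_ })
    foreach ($e in $Expected) {
        foreach ($dir in 'In', 'Out') {
            $hit = $rules | Where-Object {
                $_['Active'] -contains 'TRUE' -and $_['Action'] -contains 'Allow' -and
                $_['Dir'] -contains $dir -and $_['Protocol'] -contains $e.Protocol -and
                (($_['LPort'] -contains $e.Port) -or ($_['RPort'] -contains $e.Port))
            }
            if (-not $hit) { "$($e.Label), direction $dir" }   # emit each gap
        }
    }
}

# Constructed sample values (not from a real GPO); the WSD outbound rule is
# deliberately set to Block to show how a gap is reported.
$Sample = @(
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|Name=sample-http-in|',
    'v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|Name=sample-http-out|',
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|Name=sample-wsd-in|',
    'v2.10|Action=Block|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|Name=sample-wsd-out|'
)
if (Test-Path $PolicyKey) {
    $key = Get-Item -Path $PolicyKey
    $values = @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
} else { Write-Host 'Policy key not found; checking the constructed sample.'; $values = $Sample }
$missing = @(Get-MissingBranchCacheRule $values)
$missing | ForEach-Object { Write-Warning "No active Allow rule: $_" }
if ($missing.Count -eq 0) { Write-Host 'All four BranchCache exceptions are present.' }
```

Run against the constructed sample, the script warns only about the outbound Peer Discovery (WSD) rule, because that rule's action is Block rather than Allow.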