Create a Connection Security Rule on the Server
1. Log on to the server.
2. Open Windows Firewall with Advanced Security.
3. Right-click Connection Security Rules, and then click New Rule.
4. Select Custom, and then click Next.
5. In the Endpoints window, do the following:
- In the Which Computers are Endpoint 1 box, enter the server(s) IP address or range.
- In the Which Computers are Endpoint 2 box, enter the client(s) IP address or range.
- Click Next.
6. Select Require authentication for inbound and outbound connections, and then click Next.
7. In the Authentication Method box, select Advanced, and then click Customize.
8. In First Authentication Method, click Add.
9. In Add First Authentication Method, select Computer certificate from this certificate authority, and then do the following:
- Signing algorithm: (default)
- Certificate store type: (default)
- Click Browse and select the Issuing CA.
- Click OK.
10. In Customize Advanced Authentication Methods, click OK.
11. When the New Connection Security Rule Wizard: Authentication Method window appears again, click Next.
12. In the To which ports and protocols does this rule apply box, select the ports/protocols for your service (we will use SMB, TCP 445, for this example), and then click Next.
Since Endpoint 1 is the server, only define the port on Endpoint 1. Leave it as All Ports for Endpoint 2.
13. In the When does this rule apply box, leave all the boxes checked, and then click Next.
14. Name your rule, and then click Finish.
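
The same rule can be created from an elevated PowerShell session with the NetSecurity cmdlets. This is an added example, not part of the original procedure; the addresses, CA name, and rule name are constructed placeholders, and it assumes the selected CA sits in the default (Root CA) store type, as in step 9.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# All values below are constructed placeholders; replace them with your own.
$ServerAddress = '192.0.2.10'        # Endpoint 1: the server
$ClientAddress = '198.51.100.0/24'   # Endpoint 2: the clients
$CaCommonName  = 'Example-Issuing-CA'
$CaName        = "DC=example, DC=corp, CN=$CaCommonName"   # CA name as shown after Browse
$RuleName      = 'Require certificate auth - SMB 445'

# Pre-check: the server needs an unexpired computer certificate issued by that CA.
# With authentication required, traffic matching the rule is dropped when
# the IPsec negotiation cannot complete.
$machineCerts = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*CN=$CaCommonName*" -and $_.NotAfter -gt (Get-Date) }
if (-not $machineCerts) {
    throw "No valid computer certificate from '$CaCommonName' in LocalMachine\My."
}

# Steps 7-10: first authentication method is a computer certificate from this CA,
# leaving the signing algorithm and certificate store type at their defaults.
$proposal = New-NetIPsecAuthProposal -Machine -Cert -Authority $CaName -AuthorityType Root
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName "$RuleName (auth set)" -Proposal $proposal

# Steps 4-6 and 12-14: endpoints, require authentication in both directions,
# TCP 445 on the server side only (remote port left as any), all profiles.
New-NetIPsecRule -DisplayName $RuleName `
    -LocalAddress $ServerAddress -RemoteAddress $ClientAddress `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $authSet.Name `
    -Protocol TCP -LocalPort 445 `
    -Profile Any

# Confirm the rule as stored.
Get-NetIPsecRule -DisplayName $RuleName |
    Format-List DisplayName, Enabled, Profile, InboundSecurity, OutboundSecurity, Phase1AuthSet

# After a client connects to TCP 445, an authenticated main mode
# security association with that client should be listed here.
Get-NetIPsecMainModeSA
```

If Get-NetIPsecMainModeSA returns nothing after a client attempts an SMB connection, check that the client has a matching connection security rule and a computer certificate chaining to the same CA.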