Planning and Design Considerations
Because Windows Firewall rules have the potential to prevent legitimate users from connecting to critical network resources or allow attackers to connect to resources they might abuse, you must carefully plan Windows Firewall rules. Specifically, you should create packet filtering policies for every server application that allows traffic only from networks used by legitimate users. When creating IPsec policies, you must identify hosts that can and cannot support IPsec and design an isolation strategy that maximizes security but takes advantage of exemptions to allow connectivity for all clients.
For information ...