Our traveling (10) sales people need access our public facing Dynamics CRM, but it was being attacked all the time.
I blocked everything, and the sales people have to use MyWANIP and phone in the IP for us to open ... painful enough for 10 people, as we grow impossible.
I've been looking for a way to block all IPs outside the USA where all the attacks seem to come from.
I found this script https://www.sans.org/windows-security/2011/10/25/windows-firewall-script-block-addresses-network-ranges#respond which looked promising, so I modified it to create Allow rules (everything else blocked) for port 443 (HTTPS), then went looking for USA IPs.
I found them at ip2location.com, but the file has ~151,000 lines, which means the script would create more than 1500 rules.
Is there an easier way to do this on a public facing IIS box hosting Dynamics CRM?