We have a new DA 2012 R2 server deployed and it's working well. However, I'd like to deny all access to our internal network and only allow traffic to whitelisted servers. This seems pretty straightforward with the combination of GPO and the firewall block list. I've tested it and it seems to apply the policy almost immediately on the client and deny the traffic.
If I want to block all, is allowing (whitelisting) IPv4/IPv6 to the DA server and to our AD servers adequate to allow a user to continue to connect via DA and log into their workstation via their AD account?
Also, although we cannot alter our base network infrastructure at this point, is there perhaps another way I can accomplish this using DA?