07.10.2008 at 09:45AM PDT, ID: 23554480
Domain Firewall ports

Asked by loftyworm in Windows 2003 Server, Active Directory, Microsoft Server

Can someone please check my work?
I am moving things behind a firewall, and want to make sure I get this right so there are no outages. The setup is like this:

                                     /---LinuxDNS
ServerDC1--------(firewall)---------o----ServerDC2
                                     \---Clients

*Firewall allows all outgoing
**50000, 50001, and 50002 are forced for AD rep and FRS rep via the registry
So Rule1 on the firewall should be:
Allow ports ServerDC1 <=> ServerDC2: 88, 135, 137, 138, 139, 389, 445, 636, 3268, 3269, icmp, 50000, 50001, 50002
and Rule2:
Allow ports ServerDC1 <=> local network: 88, 389, 3268, icmp


I would love to hear some feedback on this.

References:
Domains and trusts ports http://support.microsoft.com/kb/179442/
How to force rpc ports http://support.microsoft.com/kb/154596/
FRS port forcing http://support.microsoft.com/kb/319553/
RPC Port force & AD replication http://support.microsoft.com/kb/224196/
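
Added example, not part of the original question: a small Python check that could be run from ServerDC2 or a client after the firewall change to see which TCP ports in each rule actually connect. The function names are hypothetical, the host name comes from the diagram above, and only TCP is probed, so `icmp` and any UDP services in the lists are not verified by it.

```python
import socket

# Port lists copied from Rule1 and Rule2 in the question above.
RULE1 = "88,135,137,138,139,389,445,636,3268,3269,icmp,50000,50001,50002"
RULE2 = "88, 389, 3268, icmp"

def parse_ports(rule):
    """Split a rule's port list into (tcp_ports, skipped_tokens)."""
    ports, skipped = [], []
    for token in (t.strip() for t in rule.split(",")):
        if token.isdigit() and 0 < int(token) < 65536:
            ports.append(int(token))
        elif token:
            skipped.append(token)  # e.g. "icmp", which is not a port number
    return ports, skipped

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt from this machine to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: allowed and listening
    except ConnectionRefusedError:
        return "refused"          # reset received: path open, nothing listening
    except socket.timeout:
        return "filtered"         # no reply at all: typically a firewall drop
    except OSError as exc:
        return "error: %s" % exc  # name resolution failure, no route, ...

def check_rule(host, rule, timeout=2.0):
    """Probe every TCP port named in a rule and return {port: state}."""
    ports, _ = parse_ports(rule)
    return {p: probe(host, p, timeout) for p in ports}

if __name__ == "__main__":
    import sys
    # Assumption: "ServerDC1" resolves from wherever this is run.
    target = sys.argv[1] if len(sys.argv) > 1 else "ServerDC1"
    for port, state in sorted(check_rule(target, RULE1).items()):
        print("%-5d %s" % (port, state))
```

A "filtered" result on a port that a rule is meant to allow points at the firewall, while "refused" means the packet got through but no service is bound to that port on the target.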

07.10.2008 at 12:00PM PDT, ID: 21976399

07.17.2008 at 02:11PM PDT, ID: 22030392

About this solution

Zones: Windows 2003 Server, Active Directory, Microsoft Server
Solution Provided By: loftyworm
Participating Experts: 1
Solution Grade: A