which services or ports need to be opened to allow NT authentication

I'm setting up a CheckPoint firewall (NG version) and have created a rule to allow incoming traffic to a SQL Server.
I've created and authorized a User Defined Service to match the SQL Server used query port.
The connection to the SQL Server works fine but I'd like to allow trusted connections (accepted by my SQL Server).
I'm wondering what are the ports or inbound CheckPoint services to authorize so that trusted connections work.
I've successfully tested trusted connections (authorized ANY to test).
The server that will trust the connection is NT4 not W2K and should not use Kerberos auth (as far as I know).

If it's not AD related then you should be able to do this with 139 but I've read some stuff around 137 and 138 too. I suggest that you open these all up on TCP and UDP and monitor the traffic you get when you get a trusted connection. Then shut down the others.


Opening up 139 on an NT/2000 box (without configuring it specially) will enable anonymous (unauthenticated) clients to scan your machine for shares and user/group names etc. It really should be avoided if at all possible. Even if you turn off anonymous access with the group policy (or straight registry changes) then they'll still be able to attempt to brute force access to the c$ share. If you really must do this then rename all the built in accounts (Administrator etc) so that brute forcing requires guessing the username as well as the password.
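The monitor-then-close step suggested above, as an added example that is not part of the original thread: it reads a connection log and reports which of the temporarily opened 137-139 TCP/UDP rules the trusted client actually used, which can be closed again, and which accepted connections came from unexpected sources. The CSV layout, addresses and log lines are constructed for illustration and are not Check Point's export format.

```python
import csv
import io
from collections import Counter

# Constructed sample log in a hypothetical CSV layout (not real firewall output).
SAMPLE_LOG = """\
time,action,src,dst,proto,dport
10:01:02,accept,192.0.2.10,198.51.100.5,tcp,1433
10:01:02,accept,192.0.2.10,198.51.100.5,tcp,139
10:01:03,accept,192.0.2.10,198.51.100.5,tcp,139
10:04:40,accept,203.0.113.77,198.51.100.5,udp,137
10:04:41,accept,203.0.113.77,198.51.100.5,tcp,139
"""

# The rules opened for the test: 137, 138 and 139 on both TCP and UDP.
CANDIDATES = {(proto, port) for proto in ("tcp", "udp") for port in (137, 138, 139)}


def review(log_text, server, clients):
    """Return (keep, close, strangers) for the temporarily opened rules.

    keep      - candidate (proto, port) pairs an expected client really used
    close     - candidate pairs no expected client used; safe to shut again
    strangers - accepted hits on candidate ports from any other source
    """
    used, strangers = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        key = (row["proto"].lower(), int(row["dport"]))
        if row["dst"] != server or row["action"] != "accept" or key not in CANDIDATES:
            continue  # other destinations, drops, and the SQL query port itself
        if row["src"] in clients:
            used[key] += 1
        else:
            strangers[(row["src"],) + key] += 1
    return sorted(used), sorted(CANDIDATES - set(used)), dict(strangers)


if __name__ == "__main__":
    keep, close, strangers = review(SAMPLE_LOG, "198.51.100.5", {"192.0.2.10"})
    print("keep open :", keep)
    print("close     :", close)
    print("unexpected:", strangers)
```

Restricting the kept rule to the expected client addresses as its source, rather than ANY, stops the unexpected sources listed in the third result from reaching the port.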


fho (Author) commented:
Thanks, I'll do a test.
I was wondering if there wasn't a kind of CheckPoint built-in service that would be more secure, but it seems that it only exists for W2K (i.e. Kerberos).