Pix 515-E  Win2000 trusts and domains

Posted on 2004-11-16
Last Modified: 2013-11-16
Hi, I want to trust a domain that's not in my forest, so I want to know which ports I should open in the firewall. Both domains are Win2000. I also wish to know which ports to open for WinNT domains. Thanks.
Question by:gumbert

    Expert Comment

    You want to do this over the internet, outside of a tunnel? Very bad idea. I would secure the link and allow all ports, log, review logs and work backwards based on real traffic instead of expected port usage.
    -If you have to do this outside of a static tunnel, then at the very least allow only such traffic between the specific external IPs.

    Author Comment

    I want to do this with the domain of the sales department, and I'm in the IT department. It's the same network, but we are in different subnets and with different domains. It will not be across the internet.

    Accepted Solution

    I personally think the same applies...
    On your firewall, allow all but LOG the traffic...
    -Work backwards from the logs. When I say that, what I mean is this... The logs should clearly show traffic flowing back and forth through specific ports and protocols. Note them down, investigate what they are. Build policies based on what is really going on, and close all ports and protocols that are not necessary. IMO this is the best way to do it. If you insist on doing it based on what you expect to see, search on Google for "ISA ports for windows domain", or what ports domain traffic uses.
    Here's a good one
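
The "allow all, log, work backwards" approach from the accepted answer, sketched as an added example that is not part of the original thread: it tallies which server ports were actually used between the two subnets so rules can be built from observed traffic. It assumes the firewall logs connection-built messages in the 302013/302015 layout shown; the sample lines, subnets and the interface names `sales` and `it` are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: connection-built messages 302013 (TCP) and 302015 (UDP).
BUILT = re.compile(
    r"%PIX-6-30201[35]: Built (inbound|outbound) (TCP|UDP) connection \d+ "
    r"for [\w-]+:([\d.]+)/(\d+) \([^)]*\) to [\w-]+:([\d.]+)/(\d+)"
)

# Constructed sample lines; "sales" and "it" are hypothetical interface names.
SAMPLE_LOG = [
    "%PIX-6-302013: Built inbound TCP connection 101 for sales:10.20.0.15/1045 (10.20.0.15/1045) to it:10.10.0.5/445 (10.10.0.5/445)",
    "%PIX-6-302015: Built inbound UDP connection 102 for sales:10.20.0.15/1046 (10.20.0.15/1046) to it:10.10.0.5/53 (10.10.0.5/53)",
    "%PIX-6-302013: Built inbound TCP connection 103 for sales:10.20.0.16/1100 (10.20.0.16/1100) to it:10.10.0.5/445 (10.10.0.5/445)",
    "%PIX-6-302013: Built outbound TCP connection 104 for sales:10.20.0.9/88 (10.20.0.9/88) to it:10.10.0.7/1201 (10.10.0.7/1201)",
    "%PIX-6-302014: Teardown TCP connection 101 for sales:10.20.0.15/1045 to it:10.10.0.5/445 duration 0:00:05 bytes 1200",
    "%PIX-6-302013: Built inbound TCP connection 105 for sales:192.168.5.4/2000 (192.168.5.4/2000) to it:10.10.0.5/80 (10.10.0.5/80)",
]

def observed_services(lines, net_a, net_b):
    """Count (proto, client_net, server_ip, server_port) seen between two subnets."""
    nets = [ip_network(net_a), ip_network(net_b)]
    seen = Counter()
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue  # teardowns, denies and other messages are not new flows
        direction, proto, ip1, port1, ip2, port2 = m.groups()
        # Assumption: for "inbound" the first endpoint initiated the
        # connection; for "outbound" the second endpoint did.
        if direction == "inbound":
            client, server, sport = ip1, ip2, port2
        else:
            client, server, sport = ip2, ip1, port1
        c_net = next((n for n in nets if ip_address(client) in n), None)
        s_net = next((n for n in nets if ip_address(server) in n), None)
        if c_net is None or s_net is None or c_net == s_net:
            continue  # keep only traffic that crosses between the two subnets
        seen[(proto, str(c_net), server, int(sport))] += 1
    return seen

if __name__ == "__main__":
    found = observed_services(SAMPLE_LOG, "10.10.0.0/24", "10.20.0.0/24")
    for (proto, client_net, server, port), hits in sorted(found.items()):
        print(f"{proto:3} {client_net:>15} -> {server}:{port:<5} seen {hits}x")
```

Each row in the output is a candidate permit rule to investigate before the allow-all rule is replaced; anything never observed stays closed.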
