Solved

Site replication - wich ports shall be opened in the firewall

Posted on 2010-11-30
4
730 Views
Last Modified: 2012-05-10
Hi guys,

i´ve got a windows 2003 domain and a disaster recovery site, my issue is to know which ports shall i open so the domain controller can communicate to the DR site. All service shall work (DNS, DHCP, AD, Fileserver, Exchange, SQL, etc...)

I know that there is a bunch of ports, but cannot find the official Microsoft release about this subject.

Any help is welcome.

Thanks.
Paulo


0
Comment
Question by:pmaribeiro
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:jcurrie
Comment Utility
You just need the DC in the primary site to communicate with the DC in the DR site. Correct?
0
 
LVL 3

Author Comment

by:pmaribeiro
Comment Utility
Yes but thats true but in the middle i´ve got distinguished VLANs so i´ll need to allow the ports so the DC can communicate.

Beeing a DR the site is far away from our HQ, its connected by a WAN Link if that matters for the equation.

thanks,
0
 
LVL 4

Accepted Solution

by:
jcurrie earned 500 total points
Comment Utility
The problem is that many of the ports you need are dynamic. You need to open massive port ranges and it really becomes far less secure then you would like it to be.

Here is how I have addressed this situation many times.

1) Create an IPSec policy on both servers to request secure communications between the two servers

http://support.microsoft.com/kb/816514


2) Open the ports necessary in the firewall for the IPSec Tunnel between the two servers
      a)AH
      b)UDP 500
      c)ESP

3) You may also need some other ports like DNS or IKE depending on which particular settings you use for your IPSEC configuration


   
0
 
LVL 3

Author Closing Comment

by:pmaribeiro
Comment Utility
Thanks,

This is the solution i´ve needed.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
What are RFC 3 53
ip address(es) of current connection? 27 71
FTP output from Wireshak 6 46
Eigrp versus OSPF in a ring topology 3 40
I know for anybody starting from Beginner to Expert in Networking knows what OSI model. But this tutorial is for freshers or those who are new to networking world. Why I am putting OSI in such simple and compact manner is because it enables you to k…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now