Firewall port to open in Cisco device to allow Forefront TMG 2010 to join domain and publish Exchange 2007?
jjoz asked:
Hi All,
Does anyone know which server ports I need to open/allow in the hardware firewall between the DMZ and the internal LAN?
At the moment I have opened port 443 (SSL) and port 389 so that my TMG can talk to the Domain Controller, but I still cannot join the domain.
FYI: my TMG 2010 Std is in the DMZ while the domain controllers are in the internal LAN. Between the zones I have a Cisco firewall in place.
Thanks.
Why are you using a Cisco firewall AND FTMG?
ASKER
Oh, I mean I implemented an IP access list to further secure traffic between the zones.
I am still wondering why ports 443 and 389 are not enough to join this TMG 2010 to the domain.
SOLUTION
This solution is only available to members.
ASKER
Thanks for the reply
So it seems that ports 443 and 389 are not enough, so I'll have to open the following ports:
DNS (53/tcp and 53/udp)
Kerberos-Adm (UDP) (749/udp)
Kerberos-Sec (TCP) (88/tcp)
Kerberos-Sec (UDP) (88/udp)
LDAP (389/tcp)
LDAP UDP (389/udp)
LDAP GC (Global Catalog) (3268/tcp)
Microsoft CIFS (TCP) (445/tcp)
Microsoft CIFS (UDP) (445/udp)
NTP (UDP) (123/udp)
PING (ICMP Type 8)
RPC (all interfaces) (135/tcp)
Is that all I should open?
I didn't know that there were so many ports to open just to join the domain and enable Kerberos Constrained Delegation.
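The port list above, expressed as a Cisco ASA access list from the TMG host in the DMZ to the domain controllers in the internal LAN. This is an added example, not configuration posted by anyone in the thread; the interface name dmz, the ACL name DMZ_IN, the TMG address 192.0.2.10 and the DC addresses 198.51.100.5 and 198.51.100.6 are placeholders, and the syntax assumes an ASA (an IOS router ACL uses ip access-list extended and needs return traffic inspected separately). One item the list above does not cover is added at the end: 135/tcp is only the RPC endpoint mapper, and the DC then answers on a dynamic RPC port, so that range (49152-65535 on Windows Server 2008 and later; 1025-5000 on 2003) must also be reachable, or the DC must be pinned to a fixed RPC port and only that port permitted.

```cisco
! Domain controllers reached by the TMG server (placeholder addresses)
object-group network DOMAIN-CONTROLLERS
 network-object host 198.51.100.5
 network-object host 198.51.100.6

! Only the TMG internal interface may originate this traffic
object-group network TMG-SERVER
 network-object host 192.0.2.10

! DNS
access-list DMZ_IN extended permit udp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 53
access-list DMZ_IN extended permit tcp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 53
! Kerberos authentication and Kerberos admin
access-list DMZ_IN extended permit tcp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 88
access-list DMZ_IN extended permit udp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 88
access-list DMZ_IN extended permit udp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 749
! LDAP and Global Catalog
access-list DMZ_IN extended permit tcp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 389
access-list DMZ_IN extended permit udp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 389
access-list DMZ_IN extended permit tcp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 3268
! SMB/CIFS (SYSVOL, Netlogon share)
access-list DMZ_IN extended permit tcp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 445
access-list DMZ_IN extended permit udp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 445
! Time sync (Kerberos tolerates only a small clock skew)
access-list DMZ_IN extended permit udp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 123
! ICMP echo request only; the stateful ASA lets the reply back
access-list DMZ_IN extended permit icmp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS echo
! RPC endpoint mapper plus the dynamic range it hands out (not in the list above;
! range assumes Windows Server 2008+ DCs, use 1025-5000 for 2003)
access-list DMZ_IN extended permit tcp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS eq 135
access-list DMZ_IN extended permit tcp object-group TMG-SERVER object-group DOMAIN-CONTROLLERS range 49152 65535
! Log everything else the DMZ tries to send inward
access-list DMZ_IN extended deny ip any any log

access-group DMZ_IN in interface dmz
```

Restricting the source to the TMG address rather than the whole DMZ subnet keeps the rule set tight, and the trailing logged deny makes it visible on the ASA which port a failed domain join is still being blocked on, which is usually quicker than guessing from the Windows side.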
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Ah cool.
Thanks for the confirmation.
ASKER
Thanks man!