troubleshooting Question

RODC Ports

Avatar of cheto06
cheto06 asked on
Software FirewallsHardware FirewallsActive Directory
13 Comments3 Solutions5407 ViewsLast Modified:
So I created an RODC on the DMZ, however, I am no trying to lock down the firewall rules and only open the required ports.
The MSFT KB: says to open these,
49152 -65535/UDP	123/UDP	W32Time
49152 -65535/TCP	135/TCP	RPC-EPMAP
49152 -65535/TCP	138/UDP	Netbios
49152 -65535/TCP	49152 -65535/TCP	RPC
49152 -65535/TCP/UDP	389/TCP/UDP	LDAP
49152 -65535/TCP	636/TCP	LDAP SSL
49152 -65535/TCP	3268/TCP	LDAP GC
49152 -65535/TCP	3269/TCP	LDAP GC SSL
53, 49152 -65535/TCP/UDP	53/TCP/UDP	DNS
49152 -65535/TCP	135, 49152 -65535/TCP	RPC DNS
49152 -65535/TCP/UDP	88/TCP/UDP	Kerberos
49152 -65535/TCP/UDP	445/NP-TCP/NP-UDP	SAM/LSA

however on my firewall (netscreen SSG5) all i can find are these (DNS, ICMP-ANY, LDAP, SMB, SMTP). When I lock down to these ports I can't no longer logon to my RODC.

Any thoughts?
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 3 Answers and 13 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 13 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros