<div>
Yes it is safe it is on your internal network and 3268 is how you communicate with a GC, common port that is open and needed if DCs were in different segments/locations(common)<wbr /> &nbsp; <a href="http://technet.microsoft.com/en-us/library/bb727063.aspx" rel="ugc">http://technet.microsoft.com/en-us/library/bb727063.aspx</a><br />
<br />
Thanks<br />
<br />
Mie
</div>


Yes it is safe it is on your internal network and 3268 is how you communicate with a GC, common port that is open and needed if DCs were in different segments/locations(common)   http://technet.microsoft.com/en-us/library/bb727063.aspx [http://technet.microsoft.com/en-us/library/bb727063.aspx]

Thanks

Mie

<div>
do i need to open both incoming and outgoing from the worksations vlan?
</div>


do i need to open both incoming and outgoing from the worksations vlan?

<div>
You should enable the same on vlan.
</div>


<div>
<div class="content wysiwyg-content">
is it safe to open up this port in my network<br />
i have 2 vlans <br />
server vlans (where active directory resides)<br />
worksation VLan (users)<br />
im having issues using active directory users and computers tool from my worksation <br />
due to not being able to contact the global catalog server efficiently<br />
all traffic (VLANs) flow through out firewall<br />
if i opened up this port on the firewall so that it was opened between the 2 vlans would solve my issue<br />
<br />
do i need to open this both incomming and outgoing?<br />
is it safe to open this port on the firewall between the 2 vlans?
</div>
</div>


is it safe to open up this port in my network
i have 2 vlans 
server vlans (where active directory resides)
worksation VLan (users)
im having issues using active directory users and computers tool from my worksation 
due to not being able to contact the global catalog server efficiently
all traffic (VLANs) flow through out firewall
if i opened up this port on the firewall so that it was opened between the 2 vlans would solve my issue

do i need to open this both incomming and outgoing?
is it safe to open this port on the firewall between the 2 vlans?

Port 3268/tcp  used for the msft-gc service

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.