cheto06
 asked on

Juniper SSG5

I am setting up a Read Only DC in the DMZ.  I open a bunch of ports that are needed for replication.

I am unable to log in to my RODC. If I open TCP-ANY and UDP-ANY, it works. Apparently, one of the required ports is:
UDP Dynamic Group Policy DCOM, RPC, EPM and
TCP Dynamic Replication, User and Computer Authentication, Group Policy, Trusts (RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS)

How do I open UDP/TCP Dynamic on my Juniper SSG5?


8/22/2022 - Mon
Sanga Collins

On an SSG every policy has the option to allow logging. Since you have shown that with all ports open everything works, how about creating a single policy with logging to allow traffic to your RODC. And then based on those logs create custom services.

I used this method to figure out how to allow Windows Server VPN traffic through my Juniper firewall.
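An added example (not from the thread) that implements the approach Sanga Collins describes: collect the permitted ports from the logging policy's traffic log and turn them into a custom service definition. The log field names and the `set service` CLI syntax are assumed from ScreenOS conventions, and the log lines are constructed; check both against your own SSG5 before applying anything.

```python
import re
from collections import Counter

# Constructed sample traffic-log lines modelled on ScreenOS syslog output (assumed
# field names: action=, proto=, dst=, dst_port=); verify against your own SSG5 logs.
SAMPLE_LOG = """\
ssg5: NetScreen device_id=ssg5 [Root]system-notification-00257(traffic): start_time="2022-08-22 10:01:03" policy_id=12 service=tcp/port:135 proto=6 action=Permit src=10.0.0.5 dst=10.0.1.10 src_port=51234 dst_port=135
ssg5: NetScreen device_id=ssg5 [Root]system-notification-00257(traffic): start_time="2022-08-22 10:01:04" policy_id=12 service=tcp/port:49671 proto=6 action=Permit src=10.0.0.5 dst=10.0.1.10 src_port=51235 dst_port=49671
ssg5: NetScreen device_id=ssg5 [Root]system-notification-00257(traffic): start_time="2022-08-22 10:01:05" policy_id=12 service=tcp/port:49672 proto=6 action=Permit src=10.0.0.5 dst=10.0.1.10 src_port=51236 dst_port=49672
ssg5: NetScreen device_id=ssg5 [Root]system-notification-00257(traffic): start_time="2022-08-22 10:01:06" policy_id=12 service=udp/port:389 proto=17 action=Permit src=10.0.0.5 dst=10.0.1.10 src_port=51237 dst_port=389
ssg5: NetScreen device_id=ssg5 [Root]system-notification-00257(traffic): start_time="2022-08-22 10:01:07" policy_id=12 service=tcp/port:135 proto=6 action=Permit src=10.0.0.5 dst=10.0.1.10 src_port=51238 dst_port=135
ssg5: NetScreen device_id=ssg5 [Root]system-notification-00257(traffic): start_time="2022-08-22 10:01:08" policy_id=3 service=tcp/port:3389 proto=6 action=Deny src=10.0.0.9 dst=10.0.1.10 src_port=51239 dst_port=3389
ssg5: NetScreen device_id=ssg5 [Root]system-notification-00257(traffic): start_time="2022-08-22 10:01:09" policy_id=12 service=tcp/port:80 proto=6 action=Permit src=10.0.0.5 dst=10.0.1.20 src_port=51240 dst_port=80
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"
PROTO_NAMES = {"6": "tcp", "17": "udp"}

def summarize_permits(log_text, rodc_ip):
    """Count permitted (proto, dst_port) pairs seen towards the RODC address."""
    counts = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("action") != "Permit" or f.get("dst") != rodc_ip:
            continue  # ignore denies and traffic to other hosts
        proto = PROTO_NAMES.get(f.get("proto"))
        if proto and "dst_port" in f:
            counts[(proto, int(f["dst_port"]))] += 1
    return dict(counts)

def merge_ranges(ports):
    """Collapse a list of ports into sorted contiguous (lo, hi) ranges."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def screenos_service(summary, name):
    """Emit 'set service' CLI lines (syntax assumed from ScreenOS) for the observed ports."""
    lines = []
    for proto in ("tcp", "udp"):
        ports = [port for (pr, port) in summary if pr == proto]
        for lo, hi in merge_ranges(ports):
            sep = "protocol" if not lines else "+"  # first entry defines, later ones append
            lines.append(f'set service "{name}" {sep} {proto} src-port 0-65535 dst-port {lo}-{hi}')
    return lines

if __name__ == "__main__":
    summary = summarize_permits(SAMPLE_LOG, "10.0.1.10")
    print("\n".join(screenos_service(summary, "RODC-Replication")))
```

Run it against a log captured over a full replication cycle, since the RPC endpoint mapper hands out a different dynamic port on each connection and a short capture will miss some of them.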
ASKER CERTIFIED SOLUTION
Qlemo
