Solved

what rules are recommended for outgoing?

Posted on 2013-02-03
2
495 Views
Last Modified: 2013-02-03
Hello.
i'm configuring my tmg I have two stages.

a) A server farm, nobody are accesing from inside, only are being accessed from Internet
.
b) An Office with TMG, Domain controller, Exchange, sharepoint and Remote Desktop. Here are computer inside that need use Internet. I want to protect the nor safe connections (troyans, spam, etc...)

I need to know:

a) the outgoing trafic for the servers as: time syncronization, DNS, RIP?? ...

b) the outgoing safe trafic for the inside computers.

I have ForeFront TMG 2010 and a zywall USG 100 in both stages.

Thanks
0
Comment
Question by:limmontreefree
2 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 38848645
Generally the only outbound are ntp, dns, http, https, smtp (or smtp/pop depending on your environment). Other local apps you may want to allow out are obviously only known to you....

Others you may need to consider could be tcp port 80 (as opposed to http protocol which uses tcp port 80 but is subject to the TMG http filter) and possibly ftp.

As always, it is down to the security profile applied by your company.

RIP? Not a chance - also as part of the basic setup you will have disabled netbios on the TMG external nic.

For the inbound to the published sites, allow nothing bar the services you want to be made acccessible.

Lastly, you will need to add access rules from the internal to localhost for remote admin etc. (Shown as terminal services in the protocols list within TMG).

Keith
0
 

Author Closing Comment

by:limmontreefree
ID: 38849010
Thanks a lot.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question