
What rules are recommended for outgoing?

Hello.
I'm configuring my TMG. I have two stages.

a) A server farm; nobody accesses it from inside, it is only accessed from the Internet.

b) An office with TMG, Domain Controller, Exchange, SharePoint and Remote Desktop. Here there are computers inside that need to use the Internet. I want to protect against unsafe connections (trojans, spam, etc.).

I need to know:

a) the outgoing traffic for the servers, such as time synchronization, DNS, RIP?? ...

b) the safe outgoing traffic for the inside computers.

I have Forefront TMG 2010 and a ZyWALL USG 100 in both stages.

Thanks
Asked by: limmontreefree

1 Solution
Keith Alabaster, Enterprise Architect, commented:
Generally the only outbound protocols are NTP, DNS, HTTP, HTTPS and SMTP (or SMTP/POP depending on your environment). Other local apps you may want to allow out are obviously known only to you.

Others you may need to consider are TCP port 80 (as opposed to the HTTP protocol, which also uses TCP port 80 but is subject to the TMG HTTP filter) and possibly FTP.

As always, it is down to the security profile applied by your company.

RIP? Not a chance. Also, as part of the basic setup you will have disabled NetBIOS on the TMG external NIC.

For the inbound to the published sites, allow nothing bar the services you want to be made accessible.

Lastly, you will need to add access rules from the internal to localhost for remote admin etc. (Shown as terminal services in the protocols list within TMG).

Keith
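The policy the answer describes (a short outbound allow-list, an implicit deny for everything else such as RIP and NetBIOS, inbound limited to published services, and admin access to the TMG host only from the inside) is easy to get subtly wrong when it is spread across a GUI. The following is an added example, not code from the original thread and not TMG's own API: a small Python model of that ruleset with TMG's first-match, default-deny semantics, plus an audit that flags over-broad rules. Zone names mirror TMG's built-in networks (Internal, External, Local Host); the rule names, the choice of HTTPS and SMTP as the published inbound services, and the RDP admin port are assumptions for the example.

```python
"""Model of a default-deny TMG-style access policy (added example, not TMG code)."""
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Flow:
    """One connection attempt as the firewall sees it."""
    src_zone: str   # "Internal", "External" or "LocalHost" (TMG's Local Host network)
    dst_zone: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches every port
    action: str = "allow"

    def matches(self, f: Flow) -> bool:
        return (self.src_zone == f.src_zone
                and self.dst_zone == f.dst_zone
                and self.proto in ("any", f.proto)
                and self.dport in (None, f.dport))


def evaluate(flow: Flow, rules: Iterable[Rule]) -> str:
    """First matching rule wins; an unmatched flow hits the implicit final deny."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return "deny"


def overbroad(rules: Iterable[Rule]) -> List[Rule]:
    """Audit helper: allow rules with no protocol or port restriction."""
    return [r for r in rules
            if r.action == "allow" and (r.proto == "any" or r.dport is None)]


# Outbound allow-list from the answer: NTP, DNS, HTTP, HTTPS, SMTP. Nothing else
# is listed, so RIP (udp/520), NetBIOS (137-139) and SMB (445) fall to the deny.
OUTBOUND = [
    Rule("Allow NTP out",   "Internal", "External", "udp", 123),
    Rule("Allow DNS out",   "Internal", "External", "udp", 53),
    Rule("Allow DNS out",   "Internal", "External", "tcp", 53),
    Rule("Allow HTTP out",  "Internal", "External", "tcp", 80),
    Rule("Allow HTTPS out", "Internal", "External", "tcp", 443),
    Rule("Allow SMTP out",  "Internal", "External", "tcp", 25),
]

# Inbound: only the published services. Which ones is an assumption here
# (HTTPS for OWA/SharePoint, SMTP for Exchange); add or remove to taste.
INBOUND = [
    Rule("Publish HTTPS", "External", "Internal", "tcp", 443),
    Rule("Publish SMTP",  "External", "Internal", "tcp", 25),
]

# Remote administration of the TMG host itself, reachable from the inside only.
ADMIN = [
    Rule("RDP to TMG", "Internal", "LocalHost", "tcp", 3389),
]

POLICY = OUTBOUND + INBOUND + ADMIN

# The tempting shortcut the answer warns against, kept here only so the audit
# has something to catch.
WEAK_RULE = Rule("Allow all outbound", "Internal", "External", "any", None)


if __name__ == "__main__":
    samples = [
        Flow("Internal", "External", "udp", 123),    # NTP: allow
        Flow("Internal", "External", "udp", 520),    # RIP: deny
        Flow("Internal", "External", "udp", 137),    # NetBIOS: deny
        Flow("External", "Internal", "tcp", 443),    # published HTTPS: allow
        Flow("External", "Internal", "tcp", 3389),   # RDP from outside: deny
        Flow("Internal", "LocalHost", "tcp", 3389),  # admin from inside: allow
        Flow("External", "LocalHost", "tcp", 3389),  # admin from outside: deny
    ]
    for s in samples:
        print(f"{s.src_zone:>8} -> {s.dst_zone:<9} {s.proto}/{s.dport:<5} {evaluate(s, POLICY)}")
    print("over-broad rules:", [r.name for r in overbroad(POLICY + [WEAK_RULE])])
```

Running it shows each sample flow hitting either a named allow rule or the implicit deny, and the audit reports `Allow all outbound` as the only over-broad rule. The same evaluation order (first match, then deny) is what TMG applies, so a flow that is denied in this model is one a real rule set built from the answer would also deny.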
limmontreefree (Author) commented:
Thanks a lot.