Leadtheway
asked on
Windows Server 2008 Adv Firewall
Have a couple of applications, SQL 2005 and XenApp 6.5, that we are transitioning to 2008 Server R2 from 2003. I was wondering what the best practice is for creating rules. Like SQL using a named instance and static outgoing ports, but random return. Would I have to write a rule for each port, or could I, say, create a firewall rule for just SQL that would include all? Same with Citrix. And then create a GPO to apply these rules to the OU of the respective server?
ASKER
Thanks guys, I think adding the program path is probably the easiest way, don't you? The only issue then is determining the program path for all needed services, not so much SQL as those are known, but like Citrix XenApp, there are a lot of required pieces that bind to svchost. I have been using a combination of a port scanner, netstat and Process Explorer to try to determine. You guys know of an easier way?
Citrix should have the ports documented, so an easier way to determine the required ports would be RTFM. ;-)
Looks like Citrix has listed the various comms ports instead ...
https://support.citrix.com/servlet/KbServlet/download/2389-102-654859/CitrixPorts_by_Port_1103.pdf
http://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy/
I suggest if you have some time to explore this with your team (see the checklists)
Windows Firewall with Advanced Security Deployment Guide
http://technet.microsoft.com/en-us/library/cc947811(v=ws.10).aspx
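
One way to tie listening TCP ports back to the owning program and, for svchost.exe, to the services hosted in that process, which is what the asker was piecing together with netstat and Process Explorer. This is an added example, not part of the original thread; it assumes English-language `netstat` output and an elevated PowerShell 2.0 (or later) prompt on the server, and the property names are chosen here for illustration.

```powershell
# Added example: list listening TCP ports with owning image and hosted services.
# Run elevated on the server whose firewall rules you are planning.

# Build a PID -> {Image, Services} lookup from "tasklist /svc".
# /nh drops the (localized) header row so we can name the columns ourselves.
$procs = @{}
tasklist /svc /fo csv /nh |
    ConvertFrom-Csv -Header Image, ProcId, Services |
    ForEach-Object { $procs[$_.ProcId] = $_ }

# Parse "netstat -ano" and keep only TCP sockets in the LISTENING state.
# Sample line:  TCP    0.0.0.0:1494    0.0.0.0:0    LISTENING    2312
$listeners = netstat -ano | ForEach-Object {
    if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
        $owner = $procs[$Matches[3]]      # $null if the process has since exited
        New-Object PSObject -Property @{
            Port     = [int]$Matches[2]
            Address  = $Matches[1]
            ProcId   = $Matches[3]
            Image    = $owner.Image
            Services = $owner.Services    # service short names, or "N/A"
        }
    }
}

# One row per listening socket, sorted so shared svchost instances group together.
$listeners |
    Sort-Object Image, ProcId, Port |
    Format-Table Port, Address, Image, ProcId, Services -AutoSize

# The Services column gives the short name that a rule can be scoped to, so a
# rule does not have to open the port for every service sharing svchost.exe.
# Placeholders in angle brackets are to be filled in from the table above:
#   netsh advfirewall firewall add rule name="<rule name>" dir=in action=allow `
#       program="%SystemRoot%\System32\svchost.exe" service=<short name> `
#       protocol=TCP localport=<port>
```

Compare the resulting port list against the vendor's documented ports before turning it into GPO rules, since a point-in-time snapshot only shows what is listening at that moment.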