abhi1024
asked on
Windows firewall ports to open on member server for domain controllers
We have a requirement to restrict traffic from a member server. We need to block all inbound and outbound traffic using Windows Firewall and only open ports for Active Directory communication, Group Policy and DNS.
What ports (inbound and outbound) need to be opened for this ?
Using Windows Firewall? All rules are already defined. I wouldn't bother with outbound rules
The following is the list of services and the ports they use for Active Directory communication:
UDP Port 88 for Kerberos authentication
UDP and TCP Port 135 for domain controller-to-domain controller and client-to-domain controller operations.
TCP Port 139 and UDP Port 138 for File Replication Service between domain controllers.
UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
TCP and UDP Port 445 for File Replication Service
TCP and UDP Port 464 for Kerberos password change
TCP Ports 3268 and 3269 for Global Catalog from client to domain controller.
TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.
Opening the above ports in the firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.
Also check which ports are required by your antivirus.
ASKER
Are the ports to be opened inbound and outbound? How about dynamic ports?
There must be two-way communication in between for smooth functioning of AD.
If you want it only for a member server, then it depends on your requirements and the purpose of that member server....
ASKER
All that is required on the member server is to have all ports open to be able to communicate and authenticate to the AD servers.
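The rule set the asker is after, as an added PowerShell example that is not part of the original thread and was not posted by any of its participants. It turns the port list in the answer above into outbound Windows Firewall rules scoped to the domain controllers, covers the follow-up about dynamic ports (on Windows Server 2008 and later, RPC services negotiated through the endpoint mapper on TCP 135 use the dynamic range 49152-65535), and only then flips the profile defaults to block. The domain controller addresses, the admin subnet, the rule group name and the NTP rule (Kerberos needs clock sync, and a member server normally syncs from the DCs) are assumptions for this example; replace them for your environment.

```powershell
# Added example, not from the original thread: lock a member server down with
# Windows Firewall so it can only talk to the domain controllers for AD, Group
# Policy and DNS. Run in an elevated PowerShell session on the member server.
# ASSUMPTION: the DC addresses and admin subnet below are placeholders.
$DomainControllers = @('10.0.0.10', '10.0.0.11')        # assumed DC IPs
$AdminSubnet       = '10.0.50.0/24'                      # assumed management network
$RuleGroup         = 'Hardening - AD member server'      # group name chosen for this example

# Ports the member server must REACH on the DCs (outbound). Kerberos, DNS and
# Kerberos password change run over both TCP and UDP; UDP 389 is the CLDAP
# "DC locator ping", TCP 389/636 is LDAP/LDAPS; TCP 135 is the RPC endpoint
# mapper, after which the RPC service moves to the dynamic range 49152-65535.
$Outbound = @(
    @{ Name = 'DNS';                                  Protocol = 'UDP'; Port = '53' },
    @{ Name = 'DNS';                                  Protocol = 'TCP'; Port = '53' },
    @{ Name = 'Kerberos';                             Protocol = 'UDP'; Port = '88' },
    @{ Name = 'Kerberos';                             Protocol = 'TCP'; Port = '88' },
    @{ Name = 'NTP (assumed: w32time syncs from DCs)'; Protocol = 'UDP'; Port = '123' },
    @{ Name = 'RPC endpoint mapper';                  Protocol = 'TCP'; Port = '135' },
    @{ Name = 'LDAP';                                 Protocol = 'TCP'; Port = '389' },
    @{ Name = 'CLDAP DC locator';                     Protocol = 'UDP'; Port = '389' },
    @{ Name = 'SMB (SYSVOL/NETLOGON for Group Policy)'; Protocol = 'TCP'; Port = '445' },
    @{ Name = 'Kerberos password change';             Protocol = 'UDP'; Port = '464' },
    @{ Name = 'Kerberos password change';             Protocol = 'TCP'; Port = '464' },
    @{ Name = 'LDAPS';                                Protocol = 'TCP'; Port = '636' },
    @{ Name = 'Global Catalog';                       Protocol = 'TCP'; Port = '3268-3269' },
    @{ Name = 'RPC dynamic range';                    Protocol = 'TCP'; Port = '49152-65535' }
)

# Idempotent: drop the rules a previous run of this script created.
Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($r in $Outbound) {
    New-NetFirewallRule -DisplayName "$RuleGroup - $($r.Name) $($r.Protocol)/$($r.Port)" `
        -Group $RuleGroup -Direction Outbound -Action Allow -Profile Domain `
        -Protocol $r.Protocol -RemotePort $r.Port -RemoteAddress $DomainControllers | Out-Null
}

# None of the above needs a matching inbound allow: the member server initiates
# every one of these connections and the firewall is stateful, so replies are
# matched to the outbound rule. Add management access BEFORE changing the
# defaults, or the next step locks you out of the box.
New-NetFirewallRule -DisplayName "$RuleGroup - RDP from admin hosts" -Group $RuleGroup `
    -Direction Inbound -Action Allow -Profile Domain -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $AdminSubnet | Out-Null

# Now block by default on all three profiles, so a NIC briefly classified as
# Public does not fall back to an open profile. The built-in "Core Networking"
# rules (DHCP, ICMPv6, etc.) stay enabled. Log drops for troubleshooting.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Verify domain communication still works through the new rule set.
$Domain = (Get-CimInstance Win32_ComputerSystem).Domain
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV | Select-Object Name, NameTarget, Port
Test-ComputerSecureChannel -Verbose   # True means the secure channel to a DC is healthy
gpupdate /force                       # pulls policy from SYSVOL over TCP 445
```

If `Test-ComputerSecureChannel` returns False or `gpupdate` stalls after this, read the drop log named above: a blocked connection to a DC on TCP 49152-65535 means the RPC rule is missing, and a drop on UDP 123 means the server cannot keep Kerberos time skew within limits. Scoping every rule to `-RemoteAddress $DomainControllers` is the point of the exercise; an unscoped allow on TCP 445 or 49152-65535 would let the server reach the same services on any host.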
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- Satish Auti (https:#a42125216)
-- Shaun Vermaak (https:#a42125409)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they see fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
To resolve the issue regarding Windows Firewall, you should first check your firewall settings; in Network and Sharing Center, disable the required fields and try again after restarting your computer. If the problem persists, contact Windows Customer Care; they will provide a better and alternative method to resolve your problem, as they have hands-on practical training in this particular field.