We have a web server set up in the DMZ and a DB server set up in the corporate internal network, and port 1433 is already allowed for the SQL Server connections.
During the application setup on the web server, we found it needs to send DTC transactions from the web server to the DB server, which are blocked by the firewall.
Now we are trying to restrict the DCOM port range and allow that range of ports through the firewall, but we are not sure how many ports we should allow: 100, 200, or even more?
When end users access the web server, will each user process need a different port to communicate with the DB server for the DTC transactions? Or will all the processes on the web server use the same port to send DTC transactions to the DB server? My concern is that if we limit the port range too narrowly, the user connections will run out of ports and fail.
Besides, we also added a key in the registry, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\ (ServerTcpPort)", to set MSDTC to use a fixed port. Is this a necessary thing to do?
Thanks so much!
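As an added example (not part of the original post), the following audit-only PowerShell script reads the two settings the question is about on a Windows host: the restricted DCOM/RPC port range under `HKLM\SOFTWARE\Microsoft\Rpc\Internet` (the Microsoft-documented location for that restriction; `Ports`, `UseInternetPorts` and `PortsInternetAvailable` are its documented value names) and the `ServerTcpPort` value under the `HKLM\SOFTWARE\Microsoft\MSDTC` key named in the question. It then reports which TCP ports a firewall rule would have to cover and which ports the MSDTC service is actually listening on, so the configured range can be compared with reality before the firewall change is made. The helper function name is this example's own; run it elevated on the web server and the DB server.

```powershell
# Added audit script (not from the original post): report DCOM port-range and
# MSDTC fixed-port settings so the firewall rule can be sized and verified.

$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'   # documented DCOM port-range location
$dtcKey = 'HKLM:\SOFTWARE\Microsoft\MSDTC'          # key named in the question

# Helper (example's own): return a registry value, or $null if key/value is absent
function Get-RegValueOrNull([string]$Path, [string]$Name) {
    if (Test-Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null
}

# 1. DCOM/RPC restricted port range ('Ports' is REG_MULTI_SZ, entries like "5000-5200" or "5005")
$ports        = Get-RegValueOrNull $rpcKey 'Ports'
$useInternet  = Get-RegValueOrNull $rpcKey 'UseInternetPorts'
$availability = Get-RegValueOrNull $rpcKey 'PortsInternetAvailable'

if ($null -eq $ports) {
    Write-Output 'DCOM port range: NOT restricted (Rpc\Internet\Ports absent); DCOM uses the OS dynamic range:'
    netsh int ipv4 show dynamicport tcp
} else {
    # Count how many ports the configured range actually contains
    $total = 0
    foreach ($entry in @($ports)) {
        if ($entry -match '^\s*(\d+)\s*-\s*(\d+)\s*$') {
            $total += [int]$matches[2] - [int]$matches[1] + 1
        } elseif ($entry -match '^\s*(\d+)\s*$') {
            $total += 1
        }
    }
    $args = @(($ports -join ','), $total, $useInternet, $availability)
    Write-Output ('DCOM port range: {0} ({1} port(s)); UseInternetPorts={2}; PortsInternetAvailable={3}' -f $args)
    if ($useInternet -ne 'Y' -or $availability -ne 'Y') {
        Write-Warning 'Range is defined but UseInternetPorts and PortsInternetAvailable are not both "Y"; the restriction is not in effect.'
    }
}

# 2. MSDTC fixed port (ServerTcpPort, REG_DWORD), the value the question set
$dtcPort = Get-RegValueOrNull $dtcKey 'ServerTcpPort'
if ($null -eq $dtcPort) {
    Write-Output 'MSDTC ServerTcpPort: not set; MSDTC takes a port from the DCOM/dynamic range above.'
} else {
    Write-Output "MSDTC ServerTcpPort: $dtcPort (firewall must allow TCP $dtcPort plus TCP 135 for the RPC endpoint mapper)."
}

# 3. Defender check: which ports is the MSDTC service process listening on right now?
$dtcSvc = Get-CimInstance Win32_Service -Filter "Name='MSDTC'"
if ($dtcSvc -and $dtcSvc.ProcessId) {
    Get-NetTCPConnection -State Listen -OwningProcess $dtcSvc.ProcessId -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
} else {
    Write-Output 'MSDTC service is not running; no listener to report.'
}
```

Step 3 is the check worth keeping after any change: if the listening port reported there falls outside the range from step 1 (or differs from `ServerTcpPort`), the registry change has not taken effect (the MSDTC service must be restarted) and a firewall rule sized to the registry values would still block the transactions.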