11-29-2007 12:56 AM - edited 03-11-2019 04:36 AM
Hi all, I have a PC in the DMZ and I need to allow it to log onto the domain.
Can anyone tell me what ports I need to open to my domain controllers for this to happen?
cheers
Carl
11-29-2007 07:56 AM
Carl-
A ton of them. Seriously, it's too many to still ensure security. Having a server in a DMZ that is a member of the domain is a major security risk. Google Group for Windows domain firewall and you should see the problems people have had getting this to work. We tried it once at a customer site, but eventually moved the server inside.
HTH
11-29-2007 08:09 AM
Carl, whether this link can help or not, I'm sure it can. We went through this on another thread a while back; please refer to it, as there are some links also for domain authentication and ports information. If problems, let us know.
HTH
Jorge
11-29-2007 08:21 AM
In a situation like this, the best firewall is a Checkpoint firewall because Checkpoint understands Microsoft DCOM ports and it knows how to handle Microsoft domain authentication, so the security is vastly superior to a Cisco PIX or ASA firewall.
If you already have a PIX in place, you would need at minimum:
ldap(s): tcp/udp 636
kerb: tcp/udp 88
ldap(s): tcp/udp 389
dns: tcp/udp 53
wins: tcp/udp 137/138
nbt: netbios, rpc, etc...
11-29-2007 08:25 AM
Kevin-
I'm not disputing the capabilities of Checkpoint; however, the firewall in this case does not make it more/less secure, it just makes it easier to configure.
11-29-2007 08:45 AM
The firewall can help in making this more secure by not opening more ports than necessary. Checkpoint understands how Microsoft DCOM works. As you know, with Active Directory and Exchange server, DCOM uses random ports. By understanding how DCOM works, you do not have to open all ports >1024.
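
Added example, not part of the thread: a small audit of a PIX/ASA-style ACL against the port list posted above, flagging any permit that opens a wide port range such as everything above 1024. The ACL text, names, addresses and the `MAX_SPAN` threshold are constructed assumptions, and only numeric port operators are parsed.

```python
import re

# Ports from the list posted in this thread (either protocol counts as covered).
REQUIRED_PORTS = {636, 88, 389, 53, 137, 138}
MAX_SPAN = 100  # assumption: a permit covering more ports than this is too broad

# Constructed sample ACL in PIX/ASA style; names and addresses are made up.
SAMPLE_ACL = """\
access-list dmz_in extended permit tcp host 192.168.50.10 host 10.1.1.5 eq 88
access-list dmz_in extended permit udp host 192.168.50.10 host 10.1.1.5 eq 88
access-list dmz_in extended permit tcp host 192.168.50.10 host 10.1.1.5 eq 389
access-list dmz_in extended permit udp host 192.168.50.10 host 10.1.1.5 eq 53
access-list dmz_in extended permit tcp host 192.168.50.10 host 10.1.1.5 gt 1024
access-list dmz_in extended deny ip any any
"""

# The last port operator on the line is the destination port match.
RULE = re.compile(r"permit (tcp|udp) .+ (eq|gt|lt|range) (\d+)(?: (\d+))?\s*$")


def port_span(op, a, b):
    """Return the inclusive (low, high) destination port range of one rule."""
    if op == "eq":
        return a, a
    if op == "gt":
        return a + 1, 65535
    if op == "lt":
        return 1, a - 1
    return a, b  # "range a b"


def audit(acl_text):
    """Return (required ports with no narrow permit, over-broad permit lines)."""
    covered, too_broad = set(), []
    for line in acl_text.splitlines():
        m = RULE.search(line)
        if not m:
            continue  # deny lines, non-port rules, named ports
        low, high = port_span(m.group(2), int(m.group(3)), int(m.group(4) or 0))
        if high - low + 1 > MAX_SPAN:
            too_broad.append(line.strip())  # not counted as coverage
            continue
        covered |= {p for p in REQUIRED_PORTS if low <= p <= high}
    return sorted(REQUIRED_PORTS - covered), too_broad


if __name__ == "__main__":
    missing, broad = audit(SAMPLE_ACL)
    print("required ports with no permit:", missing)
    print("over-broad permits:", *broad, sep="\n  ")
```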
11-29-2007 08:48 AM
I made the assumption that people usually use RPC over HTTPS.