Cisco Support Community
New Member

ad trust

I have a requirement to allow 2-way trusts between AD domains for a corporate changeover. My firewall for this connection is a zone-based firewall on a 2921. My question is, do I need to open every TCP port between 1024 and 65535 as per Microsoft for their RPC, or will the ZBF inspection rules handle that?

1 REPLY
New Member


Hi,

 

I think ZBF will only handle in one direction (in to out).

Did you think about implementing a tunnel between AD servers to accomplish that trust?

http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx

http://technet.microsoft.com/en-us/library/bb742429.aspx#EGAA

 

Regards,

 

Pedro Lereno

 
