Cisco Support Community

New Member

Domain cross the PIX

What ports need to be opened to put a Microsoft server in the DMZ network and still keep this server a part of the Active Directory that is inside the PIX?

Thanks,

Michael

2 REPLIES
New Member

Re: Domain cross the PIX

The basic ports and protocols are listed below:

UDP 88 Kerberos
TCP 135 SMB
UDP 137 SMB
UDP 138 SMB
TCP 139 SMB
TCP 389 LDAP
TCP 445 Microsoft-DS

But you may have to deal with connections above 1024 as well, depending on what you are doing. How you handle it also depends on whether you are using conduits or access-lists.

Monitor the log file for denied connections to see what else needs to be opened up. But every port that is opened reduces the security level between the DMZ and your internal network.

-bill
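As an added example that is not from either poster, here is how the port list in the reply above could be written as a PIX access-list, with a logged deny at the end so the log monitoring it recommends picks up anything that is missing. The interface name dmz, the DMZ server address 192.168.2.10 and the domain controller address 10.0.0.5 are made-up values for illustration.

```cisco
! Added example, not from the thread. Assumed names and addresses:
! interface "dmz", DMZ member server 192.168.2.10, internal domain
! controller 10.0.0.5. Replace them with your own.
!
! Permit only the DMZ server to reach only the domain controller,
! one line per port/protocol from the list in the reply.
access-list dmz_in permit udp host 192.168.2.10 host 10.0.0.5 eq 88
access-list dmz_in permit tcp host 192.168.2.10 host 10.0.0.5 eq 135
access-list dmz_in permit udp host 192.168.2.10 host 10.0.0.5 eq 137
access-list dmz_in permit udp host 192.168.2.10 host 10.0.0.5 eq 138
access-list dmz_in permit tcp host 192.168.2.10 host 10.0.0.5 eq 139
access-list dmz_in permit tcp host 192.168.2.10 host 10.0.0.5 eq 389
access-list dmz_in permit tcp host 192.168.2.10 host 10.0.0.5 eq 445
!
! Everything else from the DMZ toward the inside is denied and logged,
! so the "above 1024" traffic the reply mentions shows up in the log
! before you decide whether to permit it.
access-list dmz_in deny ip any any log
!
! Apply the list to traffic entering the DMZ interface.
access-group dmz_in in interface dmz
!
! Keep warnings and above (ACL denies included) in the log buffer.
logging on
logging buffered warnings
```

Each permit is host-to-host rather than any-to-any, so every line you add later because of a logged deny widens the DMZ-to-inside path by exactly one port, which keeps the trade-off the reply describes visible.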

New Member

Re: Domain cross the PIX

The other alternative is to leave the server (email) inside the firewall and open the port directly from outside to inside for SMTP and HTTP and several others. So I weighed these two options and preferred moving the email server to the DMZ. But I have to deal with the domain.

Thanks,

Michael
