Ports needed to be open for Windows 2000 Domain Controller

msgulotta
Level 1

We are installing a Windows 2000 domain controller on one of our DMZs. I need to know what port/ports on the PIX will need to be open to the DNS server so that the domain controller can dynamically register its SRV records.

Port 53, any others?

Thanks in advance.

mjones
Level 1

Although you should not provide authentication services or SMB access to the DMZ, these are the ports you would open if you needed to provide those services.

LDAP 389

RPC 138-139

albadger
Level 1

See the following MS webpage for further details on ports: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q150543

sconnolly
Level 1

One of the problems with locating a Win2K server in the DMZ is that it needs to talk back to all DCs on the network, using all the wonderful ports that Microsoft uses. Depending on the size of your network, that could be a lot of rules to create.

Another option that you have is to tunnel that traffic over IPSEC. We do this with many of the Outlook Web Access Servers that we install in clients' DMZs. Not only does this limit the number of ports that you need to open up, it also protects that data from being seen on the network.

There are a couple Microsoft articles you may want to check out.

Q254949

Q233256

Feel free to drop me an email if you have any questions.

harperb
Level 1

I think this should do it. The WINS ports are not listed here but they are on the MS Website if you need to add them.

TCP and UDP

port-object range 137 139
port-object range 88 88
port-object range 1026 1026
port-object range 445 445
port-object range domain domain
port-object range 389 389
port-object range 135 135
port-object range 1065 1065
port-object eq kerberos

WINS needs 135, 137 and possibly 138
