Posted by Jay on June 8, 2007, 9:14 am
> Just a comment: by the time you open that lot up, I am not sure what the
> firewall is preventing any longer. You may as well allow all communication
> between specified hosts or LAN in my opinion.
> Anthony
> http://www.airdesk.co.uk
>
>
>> What is missing:
>>
>> * RPC endpoint mapper (135/TCP) + a fixable
>> (http://support.microsoft.com/kb/224196/) port for login services
>> * LDAP to GC (3268/TCP)
>> * ICMP ping
>>
>> Note that Kerberos is UDP by default and LDAP is using both TCP and UDP
>> (UDP = LDAP ping); DNS also may use TCP. Protocols are important. SSL may
>> change port requirements, too. See
>> http://support.microsoft.com/kb/832017/
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>>> straightforward question - I have a range of PCs that are separated
>>> from their domain controller by a PIX. I need to know what ports are
>>> required for me to join these clients to the domain.
>>>
>>> the doc 'Active Directory in Networks Segmented by Firewalls' leads me
>>> to believe I need:
>>>
>>> 445 (DS)
>>> 88 (Kerberos)
>>> 389 (LDAP)
>>> 53 (DNS)
>>>
>>> assume both TCP and UDP for the above. The problem is I am getting an
>>> RPC error and I see 135 being dropped by my PIX. What are the ports
>>> needed to join a computer to a domain?
>>>
>>> Is there a 'right' way to do this?
>>>
>>> Thanks
>>> Blake
>>
>>
>
>
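An added example, not code from the thread or any of its posters: a small Python audit that parses a PIX-style access-list (a constructed subset of the syntax: permit/deny, `any`/`host`/network-mask endpoints, `eq` destination ports, first match wins) and reports which of the ports listed in the replies above are not open from the client subnet to the DC, including the UDP sides of Kerberos and LDAP that the reply points out. The subnet, the DC address and the pinned RPC port value (RPC_FIXED_PORT) are assumptions; the real pinned port is whatever the KB224196 setting configures.

```python
import ipaddress
import re
# (proto, port, purpose) collected from the thread; port None means no port (ICMP echo).
RPC_FIXED_PORT = 49152  # constructed placeholder for whatever port the KB224196 registry setting pins
REQUIRED = [
    ("tcp", 53, "DNS"), ("udp", 53, "DNS"), ("tcp", 88, "Kerberos"),
    ("udp", 88, "Kerberos (UDP by default)"), ("tcp", 135, "RPC endpoint mapper"),
    ("tcp", RPC_FIXED_PORT, "fixed RPC port for logon services (KB224196)"),
    ("tcp", 389, "LDAP"), ("udp", 389, "LDAP ping"), ("tcp", 445, "SMB / directory services"),
    ("tcp", 3268, "LDAP to Global Catalog"), ("icmp", None, "ping"),
]
ACE = re.compile(r"access-list\s+\S+\s+(permit|deny)\s+(\w+)\s+(.+)")  # one PIX access-list entry

def parse_endpoint(toks):  # consume 'any', 'host A.B.C.D' or 'NET MASK' from toks; return an ip_network
    kw = toks.pop(0)
    spec = ("0.0.0.0/0" if kw == "any" else
            f"{toks.pop(0)}/32" if kw == "host" else f"{kw}/{toks.pop(0)}")
    return ipaddress.ip_network(spec, strict=False)

def parse_acl(text):  # -> [(action, proto, src, dst, dst_port_or_None)]; lines that don't parse are skipped
    rules = []
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if m:
            action, proto, rest = m.groups()
            toks = rest.split()
            src, dst = parse_endpoint(toks), parse_endpoint(toks)
            port = int(toks[1]) if toks[:1] == ["eq"] else None  # None = any destination port
            rules.append((action, proto.lower(), src, dst, port))
    return rules

def permitted(rules, proto, port, client, dc):  # the first matching ACE decides, as on the PIX
    for action, rproto, src, dst, rport in rules:
        if rproto in (proto, "ip") and client in src and dc in dst and rport in (None, port):
            return action == "permit"
    return False  # no match: the implicit deny at the end of every access-list

def missing_ports(acl_text, client, dc):
    """Every REQUIRED entry the ACL does not permit from client to dc."""
    rules = parse_acl(acl_text)
    c, d = ipaddress.ip_address(client), ipaddress.ip_address(dc)
    return [r for r in REQUIRED if not permitted(rules, r[0], r[1], c, d)]

# Constructed ACL modelled on the original poster's list (445, 88, 389, 53), not opened for both protocols.
SAMPLE_ACL = """
access-list CLIENTS_TO_DC permit tcp 10.1.1.0 255.255.255.0 host 10.2.2.10 eq 445
access-list CLIENTS_TO_DC permit tcp 10.1.1.0 255.255.255.0 host 10.2.2.10 eq 88
access-list CLIENTS_TO_DC permit tcp 10.1.1.0 255.255.255.0 host 10.2.2.10 eq 389
access-list CLIENTS_TO_DC permit udp 10.1.1.0 255.255.255.0 host 10.2.2.10 eq 53
"""
```

Running `missing_ports(SAMPLE_ACL, "10.1.1.20", "10.2.2.10")` on the constructed ACL flags TCP 53, UDP 88, TCP 135, the pinned RPC port, UDP 389, TCP 3268 and ICMP, which is the gap between the original poster's four-port list and the replies.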