Active Directory Domain members located in DMZ

May 22, 2008 in Infrastructure, MS Active Directory

It is good practice to have DMZs in our network to isolate or separate some services, because services are commonly classified in two categories, “Anonymous Access” and “Authenticated Access”. Sometimes, however, a service in the DMZ is provided by a domain member, so the firewall must be configured to permit AD traffic:

The firewall must allow the following traffic from the domain member server in the DMZ to the Domain Controller:

1. Microsoft CIFS (TCP & UDP).

2. DNS traffic.

3. Kerberos-adm (UDP).

4. Kerberos-sec (TCP).

5. Kerberos-sec (UDP).

6. LDAP.

7. LDAP Global Catalog.

8. RPC.

9. NTP (UDP).
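A quick way to check that the rules above are actually in place is to probe the DC from the DMZ member. The script below is an added example, not part of the original post: it maps the post's service list to the standard port numbers (the ports are not given in the post; they are the well-known assignments) and reports which entries are blocked. Function names and the `dc_host` argument are my own; UDP entries are reported as unverified because a UDP socket gives no handshake to confirm that the firewall passed the packet.

```python
import socket

# Service list from the post, mapped to the standard port assignments.
# The port numbers are not in the original post; they are the well-known values.
REQUIRED_SERVICES = [
    ("Microsoft CIFS", "tcp", 445),
    ("Microsoft CIFS", "udp", 445),
    ("DNS", "tcp", 53),
    ("DNS", "udp", 53),
    ("Kerberos-adm", "udp", 464),          # kpasswd (password change) service
    ("Kerberos-sec", "tcp", 88),
    ("Kerberos-sec", "udp", 88),
    ("LDAP", "tcp", 389),
    ("LDAP Global Catalog", "tcp", 3268),
    ("RPC endpoint mapper", "tcp", 135),   # RPC also needs the DC's dynamic high-port range
    ("NTP", "udp", 123),
]

def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def blocked_services(results):
    """Given {(proto, port): True/False/None}, list every required service that is
    blocked (False) or could not be verified (None), so its firewall rule gets reviewed."""
    report = []
    for name, proto, port in REQUIRED_SERVICES:
        state = results.get((proto, port))
        if state is not True:
            report.append((name, proto, port, "blocked" if state is False else "unverified"))
    return report

def probe_dc(dc_host, timeout=2.0):
    """Probe every required TCP port on the DC from the DMZ member.
    UDP entries are left as None: a UDP connect() succeeds even if the firewall drops it."""
    results = {}
    for _, proto, port in REQUIRED_SERVICES:
        results[(proto, port)] = tcp_port_open(dc_host, port, timeout) if proto == "tcp" else None
    return blocked_services(results)

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <dc_hostname_or_ip>, run from the DMZ domain member
    for name, proto, port, state in probe_dc(sys.argv[1]):
        print(f"{name:22s} {proto}/{port:<5d} {state}")
```

Run it from the DMZ member, not from inside the LAN, or the firewall path under test is not the one being exercised.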
