Posted by Arman Obosyan on February 19, 2007, 9:27 am
Blocking all not necessary ports for servers on Firewall (CISCO ASA)
The problem looks as follows:
We have servers in a different network segment; between users and servers
there is a firewall.
It is necessary on the firewall (CISCO ASA) to block all unneeded incoming
ports for the following servers and services and to leave only those which are
necessary for normal work with the clients.
1) Domain Controller (Windows Server 2003 SP1) - All clients are Windows
XP/2000
I am trying to create a table for some ports
88 UDP Kerberos
88 TCP Kerberos
123 UDP NTP
135 TCP RPC end.map/DCOM
137 UDP NetBIOS
137 TCP NetBIOS
138 UDP NetBIOS datagram
139 TCP NetBIOS session
389 UDP LDAP Discovery
389 TCP LDAP
445 TCP SMB
464 UDP Kerberos Password Change
464 TCP Kerberos Password Change
639 TCP LDAP over SSL
3268 TCP Global Catalog
3269 TCP Global Catalog over SSL
Are those all the necessary incoming ports for normal Active Directory
functionality with clients?
2) Exchange Server (Back) (2003 SP2) - All clients are Outlook XP/2003/2007
(MAPI, some users POP3/SMTP)
25 TCP SMTP
25 UDP SMTP
110 TCP POP3
How about MAPI clients? Outlook 2003/XP/2007: what ports do they need?
3) Exchange Server (Front) (2003 SP2) ActiveSync, Outlook RPC
443 TCP SSL (as I understand is only one needed port.)
4) Fileservers (Windows Server 2003 R2)
445 TCP (SMB) only one? Or do I also need some NetBIOS ports?
5) Database (SQL Server 2000 SP4) some users need access to sql db
1433 TCP
Can someone tell me, or is there somewhere I can get, the information about
which INCOMING ports I need to open on the firewall for normal client-server
communication for the listed servers and services?
Of course I can use the Windows Security Configuration Wizard and do it all in
a few minutes, but it must be done on the firewall :-(
Arman O.
Thanks
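
One way to turn a port table in the post's "port protocol service" layout into a default-deny ASA access list, added here as an example and not part of the original post. The addresses, the ACL name USERS_IN, the interface name users and the function names are assumptions, and the rows are a constructed subset of the table above, not a verified complete list.

```python
import ipaddress

# Constructed sample input in the post's "port protocol service" layout.
# Addresses are RFC 5737 documentation ranges, not values from the post.
SERVERS = {
    "198.51.100.10": "88 UDP Kerberos\n88 TCP Kerberos\n123 UDP NTP\n"
                     "389 TCP LDAP\n445 TCP SMB\n",
    "198.51.100.20": "1433 TCP SQL Server\n",
}


def parse_rows(text):
    """Parse table rows into unique (port, proto) tuples, rejecting bad rows."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 2)
        if len(parts) < 2 or not parts[0].isdigit():
            raise ValueError(f"line {lineno}: expected '<port> <TCP|UDP> ...'")
        port, proto = int(parts[0]), parts[1].lower()
        if not 1 <= port <= 65535 or proto not in ("tcp", "udp"):
            raise ValueError(f"line {lineno}: bad port or protocol: {line!r}")
        if (port, proto) not in rules:
            rules.append((port, proto))
    return rules


def build_acl(servers, clients, name="USERS_IN", nameif="users"):
    """Emit ASA lines: explicit permits, then a logged deny for the rest."""
    net = ipaddress.ip_network(clients)
    src = f"{net.network_address} {net.netmask}"  # ASA takes a netmask here
    lines = []
    for host, table in servers.items():
        ipaddress.ip_address(host)  # raises ValueError on a malformed address
        for port, proto in parse_rows(table):
            lines.append(f"access-list {name} extended permit {proto} "
                         f"{src} host {host} eq {port}")
    # Everything not listed above is dropped and logged for review.
    lines.append(f"access-list {name} extended deny ip any any log")
    # Bind the ACL inbound on the interface facing the client segment.
    lines.append(f"access-group {name} in interface {nameif}")
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl(SERVERS, "192.0.2.0/24")))
```

The logged deny at the end makes it possible to see which client traffic the table missed before adding further permits.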