|
Posted by S. Pidgorny on March 8, 2008, 9:35 pm
If you were Registered and logged in, you could reply and use other advanced thread options
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> Thanks for the reply.
> So the high tcp ports need to be opened on the client side as well even
> though the client is initiating the connection and the outbound traffic
> are
> not blocked?
> I was hoping that we just needed to open the ports on the DC side.
>
> "S. Pidgorny <MVP>" wrote:
>
>> "We won't modify the registry to use a static port for RPC for some
>> reason." - is that a legitimate reason? Your other options are opening
>> range
>> of ports between the hosts, allowing all traffic between the client and
>> the
>> DC, and decommisioning the hardware firewall. I would start with fixing
>> the
>> port.
>>
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> > We unfortunately have a firewall (hardware based not the host based)
>> > between
>> > this one client (only one, the others are on our LAN) and our domain
>> > controller.
>> > Outgoing traffic are not blocked on either side.
>> >
>> > We won't modify the registry to use a static port for RPC for some
>> > reason.
>> > And we can't use the VPN.
>> > So on the hardware firewall that's protecting the domain controller (no
>> > host
>> > based firewall) side, we're going to allow all traffic from that one
>> > client
>> > to the domain controller.
>> >
>> > On the client side (on the hardware firewall, there's no host based
>> > firewall
>> > on the client) the usual MS ports are open ex) 135, 137 U, 138 U, 139,
>> > 445.
>> > Do we need to open the dynamic ports on the firewall that's protecting
>> > the
>> > client side 1024:65535 or just by opening all traffic on the domain
>> > controller side as I mentioned above will take care of the traffic?
>> >
>> > Thanks
>>
>>
>>
| 
XML site map