Security Basics mailing list archives
Re: Ports between ISA and DC
From: Hernán M. Racciatti <hracciatti () gmail com>
Date: Fri, 28 Jan 2005 08:53:51 -0300
On 27 Jan 2005 08:48:33 -0000, sf_mail_sbm () yahoo com <sf_mail_sbm () yahoo com> wrote:
> Hi List,
>
> I have the following config
>
>                  ____
> INTERNET <------| FW |--------> Domain Controller (in LOCAL LAN)
>                   |
>                   |
>                 -----
>                  ISA (in DMZ)
>
> ISA is doing Web Proxy only
> Only users in a particular user group can access the web
>
> Trying to find out the ports that ISA needs to talk with the DC for
> authentication of users instead of opening all ports on the Firewall
>
> Could not find same from Microsoft site
>
> If someone knows the ports that need to be opened, please share it with us
>
> Thanks,
> Ronish

Hi Ronish,

Above you will find some to begin with...

Members Servers in DMZ -> Internal DCs

ADLogon/DirRep *            50000         TCP    Outbound
DNS                         53            TCP    Outbound
                            53            UDP    Outbound/Inbound
Kerberos-Adm (UDP)          749           UDP    Outbound/Inbound
Kerberos-Sec (TCP)          88            TCP    Outbound
Kerberos-Sec (UDP)          88            UDP    Outbound/Inbound
LDAP                        389           TCP    Outbound
LDAP (UDP)                  389           UDP    Outbound/Inbound
LDAP GC (Global Catalog)    3268          TCP    Outbound
Microsoft CIFS (TCP)        445           TCP    Outbound
NTP (UDP)                   123           UDP    Outbound/Inbound
Ping                        ICMP Type 8          Outbound/Inbound
RPC (All Interfaces)        135           TCP    Outbound

* Tip: for RPC fix in one port!!! 50000 in this case.

See you,

--
Hernán Marcelo Racciatti
Core Team Member
ISECOM (Institute for Security and Open Methodologies)
Coordinator
OISSG, Argentina (Open Information System Security Group)
[mailto:hracciatti () gmail com]
[http://www.hernanracciatti.com.ar]
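
Added example, not part of the original post or thread: a small Python audit that compares a firewall rule set with the port list in the reply above, reporting rules that permit more than the list and list entries no rule covers yet. It assumes "Outbound" means ISA (DMZ) to DC and "Inbound" means DC to ISA; the flow labels and the sample rules are constructed for illustration.

```python
# Added example: audit firewall rules against the port list in the reply.
# Assumption: "Outbound" = ISA (DMZ) -> DC, "Inbound" = DC -> ISA.
# The ICMP echo (ping) entry is left out; only TCP/UDP ports are checked.
MATRIX = """
50000/tcp out    # ADLogon/DirRep, RPC fixed to one port
53/tcp    out    # DNS
53/udp    both   # DNS
749/udp   both   # Kerberos-Adm
88/tcp    out    # Kerberos-Sec
88/udp    both   # Kerberos-Sec
389/tcp   out    # LDAP
389/udp   both   # LDAP
3268/tcp  out    # LDAP GC
445/tcp   out    # Microsoft CIFS
123/udp   both   # NTP
135/tcp   out    # RPC (All Interfaces)
"""
FLOWS = {"out": ["isa>dc"], "both": ["isa>dc", "dc>isa"]}

def load_matrix(text=MATRIX):
    """Return the set of (flow, proto, port) tuples the list permits."""
    allowed = set()
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if line:
            portproto, direction = line.split()
            port, proto = portproto.split("/")
            allowed.update((f, proto, int(port)) for f in FLOWS[direction])
    return allowed

def audit(rules, allowed):
    """Return (over-broad rules with count of extra ports, uncovered entries)."""
    covered, excess = set(), []
    for flow, proto, lo, hi in rules:
        hits = {a for a in allowed if a[0] == flow and a[1] == proto and lo <= a[2] <= hi}
        covered |= hits
        extra = (hi - lo + 1) - len(hits)
        if extra:
            excess.append(((flow, proto, lo, hi), extra))
    return excess, sorted(allowed - covered)

# Constructed rule set (flow, proto, first port, last port), not from the thread.
SAMPLE_RULES = [
    ("isa>dc", "tcp", 88, 88),
    ("isa>dc", "tcp", 1024, 65535),  # dynamic RPC range opened wholesale
    ("isa>dc", "udp", 53, 53),
    ("dc>isa", "udp", 53, 53),
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES, load_matrix())
    print("over-broad:", excess)
    print("not yet permitted:", missing)
```

With RPC fixed to port 50000 as the tip suggests, the wide 1024-65535 rule in the sample is the only one reported as over-broad and can be replaced by a single-port rule.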