Security Basics mailing list archives

Re: Ports between ISA and DC


From: Hernán M. Racciatti <hracciatti () gmail com>
Date: Fri, 28 Jan 2005 08:53:51 -0300

On 27 Jan 2005 08:48:33 -0000, sf_mail_sbm () yahoo com
<sf_mail_sbm () yahoo com> wrote:

Hi List,

I have the following config
                 ____
INTERNET <------| FW |--------> Domain Controller (in LOCAL LAN)
                   |
                   |
                 -----
                  ISA (in DMZ)

ISA is doing Web Proxy only
Only users in a particular user group can access the web
Trying to find out the ports that ISA needs to talk with the DC for authentication of users instead of opening all ports on the Firewall
Could not find the same on the Microsoft site
If someone knows the ports that need to be opened, please share it with us

Thanks,
Ronish


Hi Ronish,

Here are some to begin with...

Member Servers in DMZ -> Internal DCs

ADLogon/DirRep *
50000 TCP Outbound

DNS
53 TCP Outbound
53 UDP Outbound/Inbound

Kerberos-Adm (UDP)
749 UDP Outbound/Inbound

Kerberos-Sec (TCP)
88 TCP Outbound

Kerberos-Sec (UDP)
88 UDP Outbound/Inbound

LDAP
389 TCP Outbound

LDAP (UDP)
389 UDP Outbound/Inbound

LDAP GC (Global Catalog)
3268 TCP Outbound

Microsoft CIFS (TCP)
445 TCP Outbound

NTP (UDP)
123 UDP Outbound/Inbound

Ping
ICMP Type 8 Outbound/Inbound

RPC (All Interfaces)
135 TCP Outbound

* Tip: for RPC, fix it to one port!!! 50000 in this case.

See you,

-- 
Hernán Marcelo Racciatti

Core Team Member ISECOM (Institute for Security and Open Methodologies)
Coordinator OISSG, Argentina (Open Information System Security Group)

[mailto:hracciatti () gmail com]
[http://www.hernanracciatti.com.ar]
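
The port list in the reply above can be used to audit a proposed DMZ-to-DC rule set for anything opened beyond it. The following is an added example, not part of the original message; the rule format (`dir`, `proto`, `ports`) and the sample rules are constructed, and it assumes "Outbound" means DMZ-to-DC and "Outbound/Inbound" means both directions.

```python
# Ports from the reply above: DMZ member server (ISA) -> internal DC.
# Assumption: "out" = DMZ-to-DC only; "both" = listed as Outbound/Inbound.
ALLOWED = {
    ("tcp", 50000): "out",                       # ADLogon/DirRep (RPC fixed port)
    ("tcp", 53): "out", ("udp", 53): "both",     # DNS
    ("udp", 749): "both",                        # Kerberos-Adm
    ("tcp", 88): "out", ("udp", 88): "both",     # Kerberos-Sec
    ("tcp", 389): "out", ("udp", 389): "both",   # LDAP
    ("tcp", 3268): "out",                        # LDAP GC
    ("tcp", 445): "out",                         # Microsoft CIFS
    ("udp", 123): "both",                        # NTP
    ("tcp", 135): "out",                         # RPC endpoint mapper
    ("icmp", 8): "both",                         # Ping (ICMP type stored as "port")
}

def audit(rules):
    """Return (findings, missing).

    findings: (dir, proto, lo, hi, n) for each rule that opens n ports
              not on the list, or inbound where the list says outbound only.
    missing:  (dir, proto, port) entries from the list that no rule covers.
    """
    findings, covered = [], set()
    for r in rules:
        lo, hi = r["ports"]
        extra = 0
        for port in range(lo, hi + 1):
            want = ALLOWED.get((r["proto"], port))
            if want is None or (r["dir"] == "in" and want != "both"):
                extra += 1
            else:
                covered.add((r["dir"], r["proto"], port))
        if extra:
            findings.append((r["dir"], r["proto"], lo, hi, extra))
    needed = {("out", p, n) for (p, n) in ALLOWED}
    needed |= {("in", p, n) for (p, n), d in ALLOWED.items() if d == "both"}
    return findings, sorted(needed - covered)

# Constructed sample rule set for the firewall between DMZ and LAN.
RULES = [
    {"dir": "out", "proto": "tcp", "ports": (135, 135)},
    {"dir": "out", "proto": "tcp", "ports": (1024, 65535)},  # dynamic RPC range left open
    {"dir": "out", "proto": "udp", "ports": (53, 53)},
    {"dir": "in",  "proto": "tcp", "ports": (445, 445)},     # inbound CIFS is not on the list
]

if __name__ == "__main__":
    findings, missing = audit(RULES)
    print("over-broad rules:", findings)
    print("listed but not opened:", missing)
```

The wide TCP range is the case the fixed-port tip avoids: with RPC pinned to 50000, the 1024-65535 rule can be replaced by a single port.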

