Re: AD what tcp/ip port or registry settings?



Is ICMP allowed across the firewall? (ICMP is needed in order to have GPOs
be processed.)

"MarcusB" <marcusb@xxxxxxxxx> wrote in message
news:OInKwP1ZFHA.3096@xxxxxxxxxxxxxxxxxxxxxxx
> We have our domain controllers behind the firewall. To be able to work we
> opened a lot of ports. All are in the list below. We also changed the
> registry to make RPC use one port.
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
> "TCP/IP Port"=dword:0000c000
>
> OPENED PORTS ON THE FIREWALL separating clients and servers. Servers and
> clients are in the same building but separated by the firewall.
>
> Service                              Port/protocol
> RPC endpoint mapper                  135/tcp, 135/udp
> NetBIOS name service                 137/tcp, 137/udp
> NetBIOS datagram service             138/udp
> NetBIOS session service              139/tcp
> RPC static port for AD replication   49152/tcp
> SMB over IP (Microsoft-DS)           445/tcp, 445/udp
> LDAP                                 389/tcp
> LDAP over SSL                        636/tcp
> Global catalog LDAP                  3268/tcp
> Global catalog LDAP over SSL         3269/tcp
> Kerberos                             88/tcp, 88/udp
> DNS                                  53/tcp, 53/udp
> WINS resolution (if required)        1512/tcp, 1512/udp
> WINS replication (if required)       42/tcp, 42/udp
> Network time protocol (NTP)          123/udp
>
> Everything is working, but it takes a long time to log in. If I go with a
> laptop directly behind the firewall it takes 2-5 seconds to log in. If we
> are behind the firewall it takes 30 seconds or longer.
> How can we solve this problem?
>
>
> MarcusB
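
An added example, not part of either post: a Python sketch that decodes the registry value from the question, checks that the resulting static RPC port appears in the firewall list, and times a TCP connect to each listed TCP port so that a port the firewall silently drops ("filtered", runs into the timeout) stands out from one that is open or actively refused. The function names are this example's own and the host name `dc01.example.test` is a placeholder.

```python
import re
import socket
import time

# Copied from the question above: the .reg value and part of the port list.
REG_LINE = '"TCP/IP Port"=dword:0000c000'
PORT_LIST = """\
RPC endpoint mapper 135/tcp, 135/udp
RPC static port for AD replication 49152/tcp
Kerberos 88/tcp, 88/udp
"""
ITEM = re.compile(r"(\d+)/(tcp|udp)")

def reg_dword_to_port(line):
    """Decode a .reg 'dword:' value (hexadecimal) to an integer port."""
    m = re.search(r"dword:([0-9a-fA-F]{8})\s*$", line)
    if not m:
        raise ValueError("not a dword value: %r" % line)
    return int(m.group(1), 16)

def parse_port_list(text):
    """Return [(service, port, proto), ...] from 'Name 135/tcp, 135/udp' lines."""
    rules = []
    for line in text.splitlines():
        first = ITEM.search(line)
        if first:
            service = line[:first.start()].strip()
            rules += [(service, int(p), proto) for p, proto in ITEM.findall(line)]
    return rules

def probe_tcp(host, port, timeout=3.0):
    """Time one TCP connect: open, refused (fast reset), filtered (timed out)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except socket.timeout:
        state = "filtered"
    except OSError:
        state = "error"  # e.g. name resolution failure or no route
    return state, time.monotonic() - start

if __name__ == "__main__":
    dc = "dc01.example.test"  # placeholder: replace with your domain controller
    rules = parse_port_list(PORT_LIST)
    print("static RPC port in list:", (reg_dword_to_port(REG_LINE), "tcp") in {r[1:] for r in rules})
    for service, port, _ in [r for r in rules if r[2] == "tcp"]:
        print(service, port, *probe_tcp(dc, port))
```

Run it from a client on each side of the firewall and compare the elapsed times; UDP entries and ICMP are parsed or mentioned but not probed here.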

