Re: Firewall between DC and member servers



ok... let's go back to what I said:
"putting a firewall between DCs and servers/clients or swiss cheese is
practically the same"

I'm NOT talking between DCs (which can be realized with several configs like
preferred BHs, or manual COs and static ports for AD and SYSVOL), but
between servers/clients. The latter means opening up a crap load of ports!

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:eQ$O1vSlGHA.1640@xxxxxxxxxxxxxxxxxxxxxxx
????

What I'm trying to say to you is that in some situations you need to open
the FW for replication or any other traffic to occur


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:%23d8juxRlGHA.4172@xxxxxxxxxxxxxxxxxxxxxxx
don't return the question, please answer it

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

------------------------------------------------------------------------------------------
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:OsL06fLlGHA.5072@xxxxxxxxxxxxxxxxxxxxxxx
Well, did you already try to set up a Branch Office in ISA server without
configuring FW rules...? Try that without configuring Network rules or
Firewall rules and you'll see what happens.


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:eJf3lXLlGHA.1600@xxxxxxxxxxxxxxxxxxxxxxx
please explain...

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

------------------------------------------------------------------------------------------
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:OtOVAQLlGHA.2304@xxxxxxxxxxxxxxxxxxxxxxx
putting a firewall between DCs and servers/clients or swiss cheese is
practically the same



Sorry, not necessarily true.


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in
message news:%23sIAihKlGHA.4284@xxxxxxxxxxxxxxxxxxxxxxx
putting a firewall between DCs and servers/clients or swiss cheese is
practically the same

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

------------------------------------------------------------------------------------------
"lightcap" <lightcap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:60325635-31B8-4E00-B789-2F38B76A7056@xxxxxxxxxxxxxxxx
I'm checking packet traces to see what goes on between a DC and a member
server since we will have a firewall in between. There are a couple things
that are not mentioned in KBs and white papers I've read. Primarily there
are a lot of RPC calls. What are they likely to be? White papers say they
are necessary for DC replication but do not mention them for DC to member
communication. There are also pings which I believe are related to SMB on
port 445. I gleaned that nugget while playing with Windows Firewall. What
happens if there is no response to the pings? Will SMB fail? TIA













