Re: Firewall between DC and member servers
- From: "Jorge de Almeida Pinto [MVP]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Wed, 21 Jun 2006 15:15:29 +0200
the little gain of security you are talking about does not weigh against
the management of that stuff...
I have seen situations where a FW in time became more and more open until it
looked like Swiss cheese. in those cases your security is broken down for each
open port and from some point on it is not even worth having a FW.
well...
whatever...
I don't agree with doing this and you do.
two opinions that don't match...
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:%23g%230MJTlGHA.4212@xxxxxxxxxxxxxxxxxxxxxxx
Once again you're saying that there's no point in having a FW between DC and
member servers, as stated in the original post.
Once again you're wrong.
I already told you that in some specific situations security can be
increased. Although it is almost impossible to have 100% security, you can
make it better, and I'd rather do something to increase security than do
nothing.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:%23MlwyySlGHA.5108@xxxxxxxxxxxxxxxxxxxxxxx
ok... let's go back to what I said:
"putting a firewall between DCs and servers/clients or swiss cheese is
practically the same"
I'm NOT talking about between DCs (which can be realized with several configs
like preferred BHs, or manual COs and static ports for AD and SYSVOL),
but between servers/clients. The latter means opening up a crap load of
ports!
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:eQ$O1vSlGHA.1640@xxxxxxxxxxxxxxxxxxxxxxx
????
What I'm trying to say to you is that in some situations you need to
open the FW for replication or any other traffic to occur.
"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:%23d8juxRlGHA.4172@xxxxxxxxxxxxxxxxxxxxxxx
don't return the question, please answer it
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:OsL06fLlGHA.5072@xxxxxxxxxxxxxxxxxxxxxxx
Well, did you already try to set up a Branch Office in ISA Server
without configuring FW rules...? Try that without configuring Network
rules or Firewall rules and you'll see what happens.
"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in
message news:eJf3lXLlGHA.1600@xxxxxxxxxxxxxxxxxxxxxxx
please explain...
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:OtOVAQLlGHA.2304@xxxxxxxxxxxxxxxxxxxxxxx
putting a firewall between DCs and servers/clients or swiss cheese
is practically the same
Sorry, not necessarily true.
"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in
message news:%23sIAihKlGHA.4284@xxxxxxxxxxxxxxxxxxxxxxx
putting a firewall between DCs and servers/clients or swiss cheese
is practically the same
"lightcap" <lightcap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:60325635-31B8-4E00-B789-2F38B76A7056@xxxxxxxxxxxxxxxx
I'm checking packet traces to see what goes on between a DC and a member
server since we will have a firewall in between. There are a couple of things
that are not mentioned in KBs and white papers I've read. Primarily there are
a lot of RPC calls. What are they likely to be? White papers say they are
necessary for DC replication but do not mention them for DC to member
communication. There are also pings which I believe are related to SMB on
port 445. I gleaned that nugget while playing with Windows Firewall. What
happens if there is no response to the pings? Will SMB fail? TIA
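
Added example (not part of the thread and not code from any poster): a Python sketch that sorts the destination ports seen in a member-server-to-DC trace into fixed AD service ports versus the dynamic RPC range, and counts how many TCP ports the firewall has to open with a range rule versus pinned RPC ports. The port table, the pinned ports 1026 and 1031, and the sample flows are assumptions constructed for illustration; 1025-5000 is the default dynamic range on Windows 2000/2003.

```python
from collections import Counter

# Fixed (protocol, port) pairs a member server uses toward a DC.
# Assumption: a typical AD service list, not taken from the thread.
FIXED = {
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("tcp", 88): "Kerberos", ("udp", 88): "Kerberos",
    ("udp", 123): "NTP (W32Time)",
    ("tcp", 135): "RPC endpoint mapper",
    ("tcp", 389): "LDAP", ("udp", 389): "LDAP (DC locator)",
    ("tcp", 445): "SMB",
    ("tcp", 464): "kpasswd", ("udp", 464): "kpasswd",
    ("tcp", 636): "LDAPS",
    ("tcp", 3268): "Global Catalog",
}
LEGACY_RPC = range(1025, 5001)    # default dynamic range, Windows 2000/2003
MODERN_RPC = range(49152, 65536)  # default from Windows Server 2008 onward

def classify(proto, dport, rpc_ports=LEGACY_RPC):
    """Label one flow; rpc_ports is a range or a set of pinned ports."""
    if proto == "icmp":
        return "ICMP echo"
    if (proto, dport) in FIXED:
        return FIXED[(proto, dport)]
    if proto == "tcp" and dport in rpc_ports:
        return "dynamic RPC range"
    return "unexpected"

def summarize(flows, rpc_ports=LEGACY_RPC):
    """Return (Counter of labels, sorted dynamic-range ports actually seen)."""
    counts, seen = Counter(), set()
    for proto, dport in flows:
        label = classify(proto, dport, rpc_ports)
        counts[label] += 1
        if label == "dynamic RPC range":
            seen.add(dport)
    return counts, sorted(seen)

def tcp_ports_opened(rpc_ports):
    """Distinct TCP destination ports the firewall must allow toward the DC."""
    return len({p for proto, p in FIXED if proto == "tcp"} | set(rpc_ports))

# Constructed sample: (protocol, destination port) pairs as read from a trace.
SAMPLE_FLOWS = [("udp", 53), ("udp", 389), ("tcp", 88), ("tcp", 445),
                ("icmp", 0), ("tcp", 135), ("tcp", 1026), ("tcp", 1026),
                ("tcp", 1031), ("tcp", 389), ("tcp", 8080)]

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
    print(tcp_ports_opened(LEGACY_RPC), tcp_ports_opened({1026, 1031}))
```

A port-range rule cannot tell RPC from anything else listening in that range: `classify("tcp", 3389)` also comes back as "dynamic RPC range".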