Hi,
I'm planning on adding a domain-joined DA server in my DMZ. The DA server will have 2 NICs, one for the internal network and the other for the external. I'll be using two consecutive public IPv4 addresses.
On my external firewall I'll be opening the following ports for my DA server:
- Port 443 inbound and outbound
- UDP 3544 inbound and outbound.
On my Juniper firewall between the internal network and DMZ I'll be opening the following bidirectional ports between my DC and DA server:
- IP Protocol 41 inbound and outbound.
- TCP/UDP 53, 88, 3389, 389, 443, 445, 636, 3268, 3269
Am I right in thinking that in order for my DA clients to reach file shares (for example) I need to ensure that the required protocol and ports are open between my DA server and my file share (i.e. 443)? Doesn't this open a whole load of security holes?
Thanks
IT Support/Everything
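A check a practitioner would run once the Juniper rules above are in place, as an added example that is not part of the original post: from the DA server, test each TCP port in the post's list against the DC and flag any that the firewall is not actually passing. The DC name is an assumed placeholder; Test-NetConnection only exercises TCP, so the UDP entries (53, 88, 3544) and IP protocol 41 need a packet capture or a protocol-aware tool instead.

```powershell
# Added example, not from the original post. Run on the DA server (internal NIC side).
# Checks that the TCP ports listed for the DC <-> DA server rule are reachable.
# Limitation: Test-NetConnection -Port is TCP only; UDP 53/88/3544 and IP protocol 41
# are not covered by this script.

$DomainController = 'dc01.corp.example'   # assumed placeholder, replace with your DC
$TcpPorts = 53, 88, 389, 443, 445, 636, 3268, 3269, 3389   # TCP ports from the post

$results = foreach ($port in $TcpPorts) {
    $t = Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target   = $DomainController
        Port     = $port
        TcpOpen  = $t.TcpTestSucceeded
        SourceIp = $t.SourceAddress.IPAddress   # confirms which NIC the test left from
    }
}

$results | Format-Table -AutoSize

# Anything listed as open on the firewall but failing here points at a missing or
# mis-scoped Juniper rule (or a host firewall rule on the DC).
$results | Where-Object { -not $_.TcpOpen } | ForEach-Object {
    Write-Warning ("TCP {0} to {1} is not reachable; check the Juniper rule" -f $_.Port, $_.Target)
}

# Same idea for the external side: from a host outside the perimeter, confirm only
# TCP 443 answers on the DA server's public address (assumed placeholder below).
# Test-NetConnection -ComputerName 'da.example.com' -Port 443
```

Check the SourceIp column as well as TcpOpen: if a test to the DC leaves via the external NIC, the DA server's routing table is wrong rather than the firewall, and opening more ports will not fix it.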