AD replication thru firewalls


  • AD replication thru firewalls

    Hi all,

    I have a problem, I like computers. I have another problem, computers don't like me.

    I have 3 W2k3 DCs at the main office.

    I am adding a branch and I took 1 DC to the branch office.

    I should mention that these DCs are all in the same domain. We want to span 1 domain over 2 sites.

    There are 2 firewalls. 1 at the branch and 1 at the main office. I configured the main office firewall to accept packets from the branch firewall on ports:

    TCP UDP 53
    TCP UDP 88
    TCP 135
    TCP UDP 137
    TCP UDP 138
    TCP UDP 139
    TCP 445
    TCP 389
    TCP 1025
    TCP 3268
    TCP 64000 this is the static RPC port that I configured on all DC's per
    M319553 and 224196

    The main office firewall is supposed to route the packets to both DC's in the main office.

    I configured the same ports to be accepted on the branch office firewall. It's supposed to accept packets on the above-mentioned ports from both DCs and route them to my branch DC.

    There are some interesting configs that we have. Both main office DCs have real-world IPs (don't ask why, I won't go there). The branch DC does not have a real-world IP; it just has a 192.168.168.XXX address.

    On the branch firewall I can see the branch DC trying to send packets to the main office DC (not to the main office firewall) on port 135, but there is no response.

    What am I doing wrong??

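An added example, not from the thread or any poster: a small audit that compares a permit-rule list against the TCP ports two Windows 2003 DCs need for replication once the RPC port is pinned as in KB 224196, in both directions and for every DC pair, and flags the NetBIOS ports that are not needed when SMB runs over 445. All IP addresses and the rule set are constructed to mirror the original post.

```python
# Added example (not from the thread): audit firewall permits against the
# TCP ports AD replication needs between DCs with a static RPC port.
RPC_EPM = 135

# DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, global catalog, static RPC.
def required_ports(static_rpc_port):
    return {53, 88, RPC_EPM, 389, 445, 3268, static_rpc_port}

# NetBIOS name/datagram/session ports: not needed when both DCs reach each
# other over SMB on 445, and routinely probed when exposed on a public address.
LEGACY_NETBIOS = {137, 138, 139}

def audit_rules(rules, dcs_by_site, static_rpc_port):
    """rules: list of (src_ip, dst_ip, proto, port) permit entries.
    dcs_by_site: {"main": [ips], "branch": [ips]}.
    Returns (missing flows as (src, dst, port), legacy ports permitted)."""
    permitted = {(s, d, p) for s, d, proto, p in rules if proto == "tcp"}
    need = sorted(required_ports(static_rpc_port))
    missing = []
    # Replication is initiated from either side, so check each DC pair both ways.
    for src in dcs_by_site["branch"]:
        for dst in dcs_by_site["main"]:
            for a, b in ((src, dst), (dst, src)):
                for port in need:
                    if (a, b, port) not in permitted:
                        missing.append((a, b, port))
    legacy = sorted({p for _, _, p in permitted if p in LEGACY_NETBIOS})
    return missing, legacy

# Constructed sample mirroring the post (addresses are documentation ranges).
MAIN_DCS = ["203.0.113.10", "203.0.113.11"]
BRANCH_DC = "192.168.168.5"
POSTED_PORTS = [53, 88, 135, 137, 138, 139, 445, 389, 1025, 3268, 64000]

def sample_rules():
    # Branch -> main written for both DCs, main -> branch only for the first.
    rules = [(BRANCH_DC, dc, "tcp", p) for dc in MAIN_DCS for p in POSTED_PORTS]
    rules += [(MAIN_DCS[0], BRANCH_DC, "tcp", p) for p in POSTED_PORTS]
    return rules

if __name__ == "__main__":
    sites = {"main": MAIN_DCS, "branch": [BRANCH_DC]}
    missing, legacy = audit_rules(sample_rules(), sites, 64000)
    for flow in missing:
        print("missing permit: %s -> %s tcp/%d" % flow)
    print("legacy NetBIOS ports permitted:", legacy)
```
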
  • #2
    Re: AD replication thru firewalls

    First of all, you are opening the hackers' favourite ports on your firewall.

    Why not introduce a firewall-to-firewall natting VPN? You only need to open one port (maybe two at a push) and all the traffic on the tunnel port will be encrypted... and you can configure it so that all branch-to-branch traffic goes via the VPN.


    Configure IPsec for all inter-branch traffic before opening all those nasty firewall ports.

    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you


    • #3
      Re: AD replication thru firewalls

      Firewall-to-firewall VPN as mentioned is a good option. What firewalls are you using?


      • #4
        Re: AD replication thru firewalls

        Originally posted by Mouse
        Firewall-to-firewall VPN as mentioned is a good option. What firewalls are you using?
        I got 2 SonicWall firewalls: a 4060 at the main office and a smaller SonicWall at the branch, don't remember the model.