need to place DC behind the firewall

  • need to place DC behind the firewall

    Hello,
    I need to place a DC behind the firewall.
    The domain is part of a big forest. The LAN is on 172.x.x.x and is protected by a firewall from subnet 10.x.x.x.
    I need to create a DC on LAN 10.x.x.x that will serve 172.x.x.x and 10.x.x.x.
    There is 1 DC on 10.x.x.x already.

    The Domain and Forest are 2003 level. The new DC will be 2008. There are about 30 member servers and 500+ client machines on 172.x.x.x.
    It was an old design.

    What ports should be open on the firewall for authentication? I plan to install DNS and DHCP on 172.x.x.x and DNS on the new DC.

    Please suggest what should be done for secure and reliable functionality in this scenario.

    THX.
    Last edited by mla; 19th October 2010, 15:07.
    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Re: need to place DC behind the firewall

    Do any of these help?

    http://support.microsoft.com/kb/179442
    http://support.microsoft.com/kb/832017
    http://geekswithblogs.net/TSCustomis...09/112357.aspx
    http://forums.petri.com/showthread.php?t=12777
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif


    • #3
      Re: need to place DC behind the firewall

      THANKS! Will take a look.


      • #4
        Re: need to place DC behind the firewall

        There is tons of useful info in the links provided, and the main accent is on networks that are separated by 2 firewalls and the Internet.

        Do you see any security issues (or others, like additional traffic) in the scenario below:

        IF
        on the firewall that is between the 172.x.x.x subnet and the 10.x.x.x subnet, whole TCP will be enabled (any from 172.x.x.x to the DC only on 10.x.x.x).

        There are other firewalls until 172 machines will reach the Internet.
        From my perspective there is no trouble because the new DC (10.x.x.x) will stay on the same physical network as the 172.x.x.x machines.

        OR
        setting all the ports for proper AD communications will be more appropriate?


        Thanks.


        • #5
          Re: need to place DC behind the firewall

          If it's within a nice, safe, secure network, then yes you should be ok permitting all TCP traffic to specific destinations of the DCs on the other subnet.

          Make sure you permit traffic in both directions!

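The two options raised in posts #4 and #5 (one broad TCP rule versus per-port rules) can be compared by checking a rule set against the flows a client needs to reach a DC. The following is an added example, not code from the thread: the port list is an assumption based on commonly documented AD ports, and the three rule sets are constructed for illustration.

```python
# Added example, not from the thread. The port list is an assumption of this
# example (commonly documented AD ports); confirm it against the KB articles
# linked in post #2 before building real rules.
REQUIRED_FLOWS = [  # (protocol, first_port, last_port, service), client -> DC
    ("tcp", 53, 53, "DNS"),
    ("udp", 53, 53, "DNS"),
    ("tcp", 88, 88, "Kerberos"),
    ("udp", 88, 88, "Kerberos"),
    ("udp", 123, 123, "NTP"),
    ("tcp", 135, 135, "RPC endpoint mapper"),
    ("tcp", 389, 389, "LDAP"),
    ("udp", 389, 389, "LDAP DC locator"),
    ("tcp", 445, 445, "SMB"),
    ("tcp", 464, 464, "Kerberos password change"),
    ("udp", 464, 464, "Kerberos password change"),
    ("tcp", 636, 636, "LDAPS"),
    ("tcp", 3268, 3269, "Global Catalog"),
    ("tcp", 49152, 65535, "RPC dynamic range (2008 default)"),
]

# Constructed rule sets: (protocol, first_port, last_port) permitted from
# 172.x.x.x to the DC on 10.x.x.x.
ALL_TCP = [("tcp", 1, 65535)]  # the "whole TCP" option from post #4
LEGACY_2003 = [f[:3] for f in REQUIRED_FLOWS[:-1]] + [("tcp", 1025, 5000)]  # pre-2008 RPC range
PER_PORT = [f[:3] for f in REQUIRED_FLOWS]

def covered(flow, rules):
    """True when every port of the flow is permitted by the union of the rules."""
    proto, lo, hi, _ = flow
    need = lo  # lowest port of the flow not yet known to be permitted
    for r_proto, r_lo, r_hi in sorted(rules):
        if r_proto == proto and r_lo <= need <= r_hi:
            need = r_hi + 1
            if need > hi:
                return True
    return False

def missing(rules):
    """Return the required flows that the rule set does not fully permit."""
    out = []
    for proto, lo, hi, service in REQUIRED_FLOWS:
        if not covered((proto, lo, hi, service), rules):
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            out.append(f"{proto}/{ports} {service}")
    return out

if __name__ == "__main__":
    for name, rules in (("all TCP", ALL_TCP), ("2003-era", LEGACY_2003), ("per-port", PER_PORT)):
        print(name, "->", missing(rules) or "all required flows permitted")
```

The check models the client-to-DC direction only; traffic the DC initiates needs its own rule set run through the same function.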

          • #6
            Re: need to place DC behind the firewall

            Thank you!