CalNetAD Firewall Configuration Information
Updated: 2/20/2008
This document is to be used as a guide for OU administrators on how to configure firewalls for use with CalNetAD.
Software Firewalls
Symantec Client Firewall:
Using Symantec Client Firewall 7.x or later in an Active Directory Environment.
Hardware Firewalls
Outbound Traffic
Hardware firewalls require the following outbound ports to be open to communicate properly with CalNetAD:
| Service | Destination Host (berkeley.edu) | Source Ports | Destination Ports |
|---|---|---|---|
| DNS | ns1, ns2 | TCP/1024-65,535, UDP/1024-65,535 | TCP/53, UDP/53 |
| Kerberos | kerberos, kerberos-1, actdir01.uc, actdir02.uc, actdir03.campus, actdir04.campus, actdir05.campus, actdir06.uc, actdir07.campus, actdir08.campus, actdir09.uc | TCP/1024-65,535, UDP/1024-65,535 | UDP/88, TCP/88, TCP/464 |
| Location Service (RPC, RPC EP Mapper, WINS Manager, DHCP Manager, MS DTC) | | TCP/1024-65,535, UDP/1024-65,535 | TCP/135 |
| NetBIOS Name Service (Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Secure Channel, Pass Through Validation, Browsing, Printing) | | TCP/1024-65,535, UDP/1024-65,535 | UDP/137 |
| NetBIOS Datagram Service (Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Directory Replication, Windows NT 4.0 Secure Channel, Pass Through Validation, NetLogon, Browsing, Printing) | | TCP/1024-65,535, UDP/1024-65,535 | UDP/138 |
| NetBIOS Session Service (NBT, SMB, File Sharing, Printing, Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Directory Replication, Windows NT 4.0 Secure Channel, Pass Through Validation, Windows NT 4.0 Administration Tools [Server Manager, User Manager, Event Viewer, Registry Editor, Diagnostics, Performance Monitor, DNS Administrator]) | actdir01.uc, actdir02.uc, actdir03.campus, actdir04.campus, actdir05.campus, actdir06.uc, actdir07.campus, actdir08.campus, actdir09.uc | TCP/1024-65,535, UDP/1024-65,535 | TCP/139 |
| RPC dynamic assignment | | TCP/1024-65,535, UDP/1024-65,535 | TCP/49152-65535 |
| SMB over IP (Microsoft-DS) | | TCP/1024-65,535, UDP/1024-65,535 | TCP/445 |
| LDAP/Global Catalog | | TCP/1024-65,535, UDP/1024-65,535 | TCP/389, UDP/389, TCP/636, UDP/636, TCP/3268, TCP/3269 |
| Network time protocol (NTP) | | TCP/1024-65,535, UDP/1024-65,535 | UDP/123 |
| ICMP (Ping) | | - | - |
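The following is an added example, not part of the original CalNetAD guide: a Python check that compares a firewall's outbound allow-list against the destination ports in the table above and reports the ranges that are still blocked. The allow-list string format and `SAMPLE_ALLOW` are constructed for illustration, and the check assumes rules are not scoped to particular destination hosts.

```python
# Added example: destination ports from the table above (ICMP has no ports).
REQUIRED = {
    "DNS": "TCP/53,UDP/53",
    "Kerberos": "UDP/88,TCP/88,TCP/464",
    "Location Service": "TCP/135",
    "NetBIOS Name Service": "UDP/137",
    "NetBIOS Datagram Service": "UDP/138",
    "NetBIOS Session Service": "TCP/139",
    "RPC dynamic assignment": "TCP/49152-65535",
    "SMB over IP": "TCP/445",
    "LDAP/Global Catalog": "TCP/389,UDP/389,TCP/636,UDP/636,TCP/3268,TCP/3269",
    "NTP": "UDP/123",
}
# Constructed sample allow-list; rules are treated as host-agnostic (assumption).
SAMPLE_ALLOW = ("TCP/53,UDP/53,UDP/88,TCP/88,TCP/464,TCP/135,UDP/137,UDP/138,"
                "TCP/139,TCP/445,TCP/389,TCP/636,TCP/3268-3269,UDP/123,TCP/49152-60000")

def parse(spec):
    """'TCP/389,UDP/389' -> [('tcp', 389, 389), ('udp', 389, 389)]"""
    out = []
    for item in spec.split(","):
        proto, _, ports = item.strip().partition("/")
        lo, _, hi = ports.partition("-")
        out.append((proto.lower(), int(lo), int(hi or lo)))
    return out

def uncovered(proto, lo, hi, allowed):
    """Sub-ranges of lo..hi that no allowed range of the same protocol covers."""
    gaps, cur = [], lo
    for a_lo, a_hi in sorted((l, h) for p, l, h in allowed if p == proto):
        if a_hi < cur or a_lo > hi or cur > hi:
            continue  # range lies entirely before or after what is left to cover
        if a_lo > cur:
            gaps.append((cur, a_lo - 1))
        cur = a_hi + 1
    if cur <= hi:
        gaps.append((cur, hi))
    return gaps

def audit(allow_spec):
    """Map each service to the (proto, lo, hi) ranges the allow-list blocks."""
    allowed = parse(allow_spec)
    report = {}
    for service, spec in REQUIRED.items():
        missing = [(p, *g) for p, lo, hi in parse(spec)
                   for g in uncovered(p, lo, hi, allowed)]
        if missing:
            report[service] = missing
    return report
if __name__ == "__main__": print(audit(SAMPLE_ALLOW))
```

An empty report means every destination port in the table is permitted; a partial RPC range shows up as the exact sub-range still blocked.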