
I have an environment where there is one firewall, and there is a secure segment and a DMZ segment behind it. There are a bunch of servers in the secure segment (DB server, the QA server, etc.) and the domain controller. In the DMZ there is 1 web server open to the public.

The network admins have locked down the firewall completely: nothing inbound, and nothing outbound unless otherwise told. I now have to produce this list. I know there are some ports that have to be open for my application, such as 1433 from the DMZ -> secure segment, etc. But I'm not aware of things that the OS may need (Windows 2008 R2) and services that it runs by default that we just take for granted, as usually I've seen outbound always open. I can think of a list already, such as DNS, NTP, etc., but I need somewhat of a complete list. Can anybody give me a basic list of ports that should be open for the server to function correctly and play nice with all the other servers that are there? I can add my own ports for the application.

M.R.

1 Answer


Point your network admins at the following Microsoft KB article and ask them to implement the necessary rules to allow Active Directory traffic.

On top of that, apart from your known application requirements, you will most certainly require access to Windows Update (unless you are running a local instance of WSUS).

ab77