AD auth uses the endpoint mapper, which is an RPC service on TCP 135.
Here is the best article I've ever seen on the subject:
http://support.microsoft.com/kb/832017/en-us
There's a section specifically on AD requirements.
As always, if you are unsure of the ports needed, create an any rule
with logging and see what your clients produce.
Hal
-----Original Message-----
From: David CALLEBAUT [AEMS Be]
[mailto:david.callebaut AT AEMARKETSOLUTIONS DOT COM]
Sent: Thursday, February 16, 2006 3:50 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] AD logon ports
Hi all,
Does someone know what RPC or DCE-RPC (or yet another) service I need
to allow for a MS machine in a DMZ to log on to the Active Directory
through a FW-1 R55HFA07 on IPSO3.8?
I've already opened LDAP, Kerberos, DNS. But I know that there is also
an RPC connection.
However I am unable to find out which one I should use and I don't find
any info about it either on Check Point's SK or other resources.
Perhaps I'm overlooking something here?
Does anybody have any info?
Any help would be greatly appreciated!
David Callebaut
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
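The reply's suggestion of a temporary any rule with logging leaves a pile of log entries to turn into a rule set. The following is an added example, not part of the original thread: it groups logged flows by port and flags high TCP ports that follow a tcp/135 hit between the same hosts. The CSV layout, the addresses, the 1024 floor and the `summarize` name are assumptions made for the illustration.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample export (src,dst,proto,dport) from a temporary "any"
# rule with logging; this is not FW-1's native log format.
SAMPLE_LOG = """\
10.1.1.20,10.0.0.5,udp,53
10.1.1.20,10.0.0.5,tcp,88
10.1.1.20,10.0.0.5,tcp,389
10.1.1.20,10.0.0.5,tcp,135
10.1.1.20,10.0.0.5,tcp,1026
10.1.1.20,10.0.0.5,tcp,135
10.1.1.20,10.0.0.5,tcp,1031
10.1.1.20,10.0.0.9,tcp,8080
"""

EPMAP = ("tcp", 135)   # RPC endpoint mapper, as named in the reply
DYNAMIC_FLOOR = 1024   # assumption: RPC-assigned ports are >= 1024

def summarize(log_text):
    """Split logged flows into fixed ports, RPC dynamic ports, and others.

    A high TCP port counts as RPC dynamic only when the same src/dst pair
    hit tcp/135 earlier in the log (a heuristic, not protocol decoding).
    """
    fixed, other = Counter(), Counter()
    rpc_dynamic, mapped_pairs = {}, set()
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        src, dst, proto, dport = row
        key = (proto.lower(), int(dport))
        if key == EPMAP:
            mapped_pairs.add((src, dst))
        if key[1] < DYNAMIC_FLOOR:
            fixed[key] += 1
        elif key[0] == "tcp" and (src, dst) in mapped_pairs:
            rpc_dynamic.setdefault((src, dst), set()).add(key[1])
        else:
            other[key] += 1
    return fixed, {p: sorted(v) for p, v in rpc_dynamic.items()}, other

if __name__ == "__main__":
    fixed, rpc_dynamic, other = summarize(SAMPLE_LOG)
    print("fixed ports:", dict(fixed))
    print("RPC dynamic ports per host pair:", rpc_dynamic)
    print("needs review:", dict(other))
```

Flows in the review bucket are the ones to question before the any rule is replaced with specific rules.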