topic Re: pix and active directory in Network Security

pix and active directory

mrmozaffari — Fri, 21 Feb 2020 09:13:36 GMT

Please someone tell me ,where is the best place for active directory server when we have a pix with 6 ports and active directory users on inside interface ?

do i need to seperate active directory server from inside users ?

if i want to do that is there any fixup to permit RPS works ?

This is because of security for domain server and i want to restrict it from inside users that they have not full access to server.

Thanks.

Re: pix and active directory

a.kiprawih — Tue, 10 Oct 2006 23:45:42 GMT

Users normally need to sit in the same domain with AD. You can place the AD and end-users together in your internal network, but put them under separate/different Vlans.

With firewall, it will break the domain, but I think you can still try and test it by allowing TCP 445 (open in ACL) from AD to end-users (and vice-versa).

There might be other ports needed as well, like netbios-ns (tcp/udp 137), netbios-dgm (tcp/udp 138) and netbios-ssn (tcp/udp 139)

Cheers!