Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
304
Views
0
Helpful
1
Replies

ad trust

cgarringer
Level 1
Level 1

‎10-30-2014 11:47 AM - edited ‎03-11-2019 10:00 PM

I have a requirement to allow 2-way trusts between AD domains for a corporate changeover.    My firewall for this connection is a zone-based firewall on a 2921.    My question is, do I need to open every TCP port between 1024 and 65535 as per Microsoft for thier RPC or will the ZBF inspection rules handle that?

Labels:
0 Helpful
1 Reply 1

Pedro Lereno
Level 1
Level 1

‎10-31-2014 07:16 AM

Hi,

 

I think ZBF will only handle in one direction (in to out).

Did you thought about implementing a tunnel between AD servers to accomplish that trust?

http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx

http://technet.microsoft.com/en-us/library/bb742429.aspx#EGAA

 

Regards,

 

Pedro Lereno

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card