AD dynamic port range should allow in firewall

MrBeginner
Spotlight

Hi,

I would like to ask about allowing only the essential ports on the firewall to secure it.

I saw the essential ports to open for Active Directory services as below.

RPC endpoint mapper: port 135 TCP
LDAP: port 389 TCP, UDP
LDAP over SSL: port 636 TCP
Global catalog LDAP: port 3268 TCP
Global catalog LDAP over SSL: port 3269 TCP
DNS: port 53 TCP, UDP
Kerberos: port 88 TCP, UDP
SMB over IP (Microsoft-DS): port 445 TCP


I can understand allowing the above port list in the firewall. But I don't understand why we need to allow the dynamic port range for AD (49152-65535).

Let me know whether we should allow this port range in the firewall. Also let me know of any security concerns for those dynamic ports.

2 Replies

Hi,
Active Directory uses random ports (for RPC from memory), so that is why you need to open up a range of ports.


If it's for a Domain trust, then the port range is actually 1024-65535, reference here.

I personally would be concerned about doing this, what is the use case?
Are you permitting this traffic to a DMZ? Or a WAN connection to a 3rd party?

HTH
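An added check (example code, not from this thread or from Cisco) that a defender could run over firewall flow logs once the dynamic range is open: it flags dynamic-port connections to a domain controller that were not preceded by an RPC endpoint-mapper lookup (TCP/135) from the same client, and connections from sources outside the permitted client scope. The DC addresses, client subnet, time window and log line format are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed values: the domain controllers and the client subnet permitted to reach them.
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}
ALLOWED_CLIENTS = ipaddress.ip_network("10.0.1.0/24")
DYNAMIC_RANGE = range(49152, 65536)   # default RPC dynamic range from the thread
EPM_PORT = 135                        # RPC endpoint mapper
EPM_WINDOW = timedelta(seconds=30)    # how long an EPM lookup "explains" a follow-up flow

# Constructed sample flow log: "<timestamp> <proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
2024-01-01T08:00:00 TCP 10.0.1.20:51000 -> 10.0.0.10:135
2024-01-01T08:00:01 TCP 10.0.1.20:51001 -> 10.0.0.10:49670
2024-01-01T08:05:00 TCP 10.0.1.21:52000 -> 10.0.0.11:49702
2024-01-01T08:06:00 TCP 192.168.5.9:40000 -> 10.0.0.10:135
2024-01-01T08:06:01 TCP 192.168.5.9:40001 -> 10.0.0.10:49680
2024-01-01T08:07:00 TCP 10.0.1.22:53000 -> 10.0.0.10:445
"""

def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, proto, src, _, dst = line.split()
    src_ip, sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), proto, src_ip, int(sport), dst_ip, int(dport)

def audit_dynamic_port_flows(log_text):
    """Return (timestamp, src, dst, dport, reason) findings for suspicious dynamic-port flows."""
    last_epm = {}   # (src_ip, dst_ip) -> time of the most recent TCP/135 connection
    findings = []
    for line in log_text.splitlines():
        ts, proto, src_ip, _, dst_ip, dport = parse_line(line)
        if dst_ip not in DOMAIN_CONTROLLERS or proto != "TCP":
            continue                      # only TCP RPC traffic to DCs is in scope here
        if dport == EPM_PORT:
            last_epm[(src_ip, dst_ip)] = ts
        elif dport in DYNAMIC_RANGE:
            if ipaddress.ip_address(src_ip) not in ALLOWED_CLIENTS:
                findings.append((ts, src_ip, dst_ip, dport, "source outside permitted client scope"))
            seen = last_epm.get((src_ip, dst_ip))
            if seen is None or ts - seen > EPM_WINDOW:
                findings.append((ts, src_ip, dst_ip, dport, "no preceding endpoint-mapper lookup"))
    return findings

if __name__ == "__main__":
    for finding in audit_dynamic_port_flows(SAMPLE_LOG):
        print(*finding)
```

On the sample log this reports the 10.0.1.21 flow (dynamic port reached without a TCP/135 lookup) and the 192.168.5.9 flow (a source outside the permitted subnet), while the legitimate EPM-then-dynamic-port sequence from 10.0.1.20 passes.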

Hi,

Sorry for the wrong question.

They are using Remote Assistance.

So they told me to open TCP/UDP ports 49152 to 65535 for Remote Assistance.
