04-10-2018 12:18 PM - edited 02-21-2020 07:37 AM
Hi, my server team have SharePoint installed on the DMZ. I have a firewall rule (1) allowed for corporate network access to the DMZ on https, which works fine. But I also have a rule (2) from the DMZ back to the domain controllers on the corporate network for authentication. Rule (2) is causing an issue because the destination port keeps changing, i.e. one day it's something like tcp/60011 and the next week it can change to tcp/60022 etc.
How do I get the firewall to stop changing the destination port?
Or does the change need to be made on the Windows server?
thanks
04-10-2018 07:51 PM
Depending on what Firewall it is, you can filter based on application and keep the destination tcp/udp port to any.
(Firepower can do this)
04-11-2018 06:48 AM - edited 04-11-2018 01:24 PM
Thanks for that
How would I lock down the dynamic port range between tcp/49152 – 65535 on the destination service on the firewall? Say I picked 49157 - would I also have to harden the Windows 2016 server to also just use that same port? If I create a tcp/service, is that the same as creating a tcp port range?
It's for SharePoint