Destination Ports for Sharepoint

ohareka70 · ‎04-10-2018

Hi, My server team have sharepoint installed on the DMZ. I have a firewall rule (1) allowed for corporate network access to the dmz on htttps which works fine. But i also from the dmz rule (2) back to the domain controllers on the corporate network for authentication. Rule (2) is causing an issue because the destination port keeps changing. Ie one day its something like tcp/60011 and the next week it can change to tcp/60022 etc.

How do i get the firewall to stop changing the destination port?

Or does the change need to be made on the windows server?

thanks

Dennis Mink · ‎04-10-2018

Depending on what Firewall it is, you can filter based on application and keep the destination tcp/udp port to any.

(Firepower can do this)

Please remember to rate useful posts, by clicking on the stars below.

ohareka70 · ‎04-11-2018

Thanks for that

How would i lock down the dynamic port range between tcp/49152 – 65535 on the destination service on the firewall. Say i picked 49157 - would i also have to harden the windows 2016 server to also just use that same port. If a create a tcp/service is that the same as creating a tcp port range

Its for Sharepoint