02-27-2003 06:25 AM - edited 02-20-2020 10:35 PM
Hi all,
Can anyone tell me how to configure PIX so that I can get NTLM authentication working? I have a web server in my DMZ which needs to talk to my inside network to allow the authentication to function. What ports do I need to open up?
Thanks
Santosh
02-27-2003 02:08 PM
So the DMZ web server is a domain member server that needs to talk to a domain controller? TCP and UDP ports 135-139 should do the trick.
02-28-2003 02:57 AM
Yes, the DMZ web server needs to talk to the domain controller. Port 135 suggests RPC needs to be opened as well. Any advice on this?
02-28-2003 01:13 PM
By allowing ports 135 and 139 to your inside DCs, you've eliminated most of the security gained by hosting your web server in the DMZ. Someone hacks IIS [easy] on that server, it has access to your DCs plus valid domain accounts, and voila! Your DCs are owned too with little effort!
You should try to implement in such a manner that your DMZ web server is not on the internal domain.
-Shannon
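An added example, not part of the original thread: a small Python audit that reads PIX-style `access-list` lines and reports every `permit` entry that opens any of ports 135-139 toward the inside network, which is the exposure the last reply describes. The ACL names, addresses and the `10.0.0.0/8` inside range are constructed, and the keyword table is a small assumed subset.

```python
import ipaddress
import re

# Port keywords mapped to numbers; keywords not listed count as "not 135-139".
NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}
ACL = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|udp|ip)\s+(.+)$")

def port(tok):
    return NAMES.get(tok, int(tok) if tok.isdigit() else 0)

def take_addr(toks):
    """Consume 'any' | 'host A' | 'A MASK'; return (network, remaining tokens)."""
    if toks[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), toks[1:]
    if toks[0] == "host":
        return ipaddress.ip_network(toks[1] + "/32"), toks[2:]
    return ipaddress.ip_network(f"{toks[0]}/{toks[1]}", strict=False), toks[2:]

def take_ports(toks):
    """Consume an optional port operator; return ((lo, hi), remaining tokens)."""
    if toks and toks[0] == "eq":
        return (port(toks[1]),) * 2, toks[2:]
    if toks and toks[0] == "range":
        return (port(toks[1]), port(toks[2])), toks[3:]
    skip = 2 if toks and toks[0] in ("gt", "lt", "neq") else 0  # not modelled
    return (0, 65535), toks[skip:]                              # assume all ports

def risky_entries(config, inside_net):
    """Yield permit lines that open any of ports 135-139 toward inside_net."""
    inside = ipaddress.ip_network(inside_net)
    for line in config.splitlines():
        m = ACL.match(line.strip())
        if not m:
            continue
        _, toks = take_addr(m.group(3).split())   # source address
        _, toks = take_ports(toks)                # optional source port
        dst, toks = take_addr(toks)               # destination address
        (lo, hi), _ = take_ports(toks)            # optional destination port
        if dst.overlaps(inside) and lo <= 139 and hi >= 135:
            yield line.strip()

# Constructed sample: DMZ web server 192.168.1.10, inside DC 10.0.0.5.
SAMPLE = """\
access-list acl_dmz permit tcp host 192.168.1.10 host 10.0.0.5 range 135 139
access-list acl_dmz permit udp host 192.168.1.10 host 10.0.0.5 eq netbios-ns
access-list acl_dmz permit tcp host 192.168.1.10 host 10.0.0.9 eq 1433
access-list acl_dmz permit ip host 192.168.1.10 10.0.0.0 255.255.255.0
access-list acl_out permit tcp any host 192.168.1.10 eq www
"""
```

Calling `list(risky_entries(SAMPLE, "10.0.0.0/8"))` returns the first, second and fourth sample lines; a `permit ip` entry carries no port operator, so it is reported as covering all ports.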