Domain controller in DMZ, firewall rules needed

Question

Hello, I'm migrating a mikrotik router to an XG, the domain controller was in another subnet. In the new schema, I placed them in the DMZ zone, but i do not know which firewall rules are needed to allow only the needed traffic for the domain to work witouth issue. 
 The mk had this rules, which i dont look like the bare minium or even be the right ones 
 add chain=forward dst-port=7,9,13,17,19,53,88,123,137,138,161,162,389,464,4500 in-interface=ether3 out-interface=brServers protocol=udp add chain=forward dst-port=7,9,13,17,19,53,80,81,88,135,138,139,389,443,445 in-interface=ether3 out-interface=brServers protocol=tcp add chain=forward dst-port=464,515,2869,3268,3269,5000-5200,5722,9099,42424,53211 in-interface=ether3 out-interface=brServers protocol=tcp

Aditya Patel · Answer

Hi Lucho , 
 You may create a firewall rules between two Zones. 
 1. DMZ to WAN > Allow Ports to communicate with the WAN network i.e. Internet. 
 2. LAN to DMZ ,Allow comunication from Local Machines in the LAN zone to the server. 
 You may segregiate the rule based on the ports required. 
 We do have a Predefined rules for all known ports ,also you may create your own List of Ports and Apply on the firewall rules. 
 e.g. https://community.sophos.com/kb/en-us/123034