This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Joining My DMZ server to my Internal AD domian.

Greetings

I am using ASL 5; I have 3 interfaces on my Astaro box, Internal, DMZ and External. I have a packet filter securing traffic from the DMZ to the internal network…

I do want to be able to join my DMZ server to my Internal Active Directory domain, and create a front end mail server that will pass mail to the internal server.

I’m having problems finding the correct ports I need to open from the DMZ to the internal network in order to make this happen, I know port 25 for mail, but for AD I’m at a lost…. Please help!!!

Thanks….

Newbie to ASL

This thread was automatically locked due to age.

Parents

0 mboughton over 21 years ago

In words it is difficult for me to express how dangerous a configuration like this really is. By doing this you have compromised the entire existence of your firewall and essentially given a would be attacker a direct route through your firewall and into your LAN unless you are taking extra precautions to protect your DMZ computers.

I strongly recommend that if you absolutely cannot live without having your external mail server in the AD tree, that you put it on the LAN with the rest of the AD machines and only forward the port you need(port 25) from the external interface to the mail server on the LAN.

This gives an attacker a much smaller window to aim for. Good luck.
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 21 years ago in reply to mboughton

MS recommends using IPSEC VPN to communicate between AD boxes in this situation. A secure tunnel is much safer.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Simon Shaw over 21 years ago in reply to mboughton

MS recommends using IPSEC VPN to communicate between AD boxes in this situation. A secure tunnel is much safer.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data