AD auth uses the endpoint mapper, which is an RPC service on TCP 135. Here is the best article I've ever seen on the subject: http://support.microsoft.com/kb/832017/en-us There's a section specifically on AD requirements.
As always, if you are unsure of the ports needed, create an any rule with logging and see what your clients produce.

Hal

-----Original Message-----
From: David CALLEBAUT [AEMS Be] [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 16, 2006 3:50 AM
To: [email protected]
Subject: [FW-1] AD logon ports

Hi all,

Does someone know what RPC or DCE-RPC (or yet another) service I need to allow for a MS machine in a DMZ to log on to the Active Directory through a FW-1 R55HFA07 on IPSO3.8? I've already opened LDAP, Kerberos, DNS. But I know that there is also an RPC connection. However, I am unable to find out which one I should use and I don't find any info about it either on Checkpoint's SK or other resources. Perhaps I'm overlooking something here?

Does anybody have any info? Any help would be greatly appreciated!

David Callebaut

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
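The temporary any rule with logging suggested in the reply, sketched as an added example that is not part of the original thread: it groups accepted connections from the DMZ host to the domain controller by protocol and port, so the any rule can be replaced with specific ones. The log format, addresses and function names are constructed for illustration and are not FW-1's actual log export.

```python
import re
from collections import Counter

# Constructed sample of simplified firewall log lines (not a real FW-1 export).
SAMPLE_LOG = """\
2006-02-16 09:01:02 accept src=192.0.2.10 dst=10.0.0.5 proto=udp dport=53
2006-02-16 09:01:02 accept src=192.0.2.10 dst=10.0.0.5 proto=udp dport=88
2006-02-16 09:01:03 accept src=192.0.2.10 dst=10.0.0.5 proto=tcp dport=389
2006-02-16 09:01:03 accept src=192.0.2.10 dst=10.0.0.5 proto=tcp dport=135
2006-02-16 09:01:03 accept src=192.0.2.10 dst=10.0.0.5 proto=tcp dport=1026
2006-02-16 09:01:04 accept src=192.0.2.10 dst=10.0.0.5 proto=tcp dport=1026
2006-02-16 09:01:05 accept src=192.0.2.77 dst=10.0.0.5 proto=tcp dport=80
2006-02-16 09:01:06 drop src=192.0.2.10 dst=10.0.0.9 proto=tcp dport=25
garbled line that does not parse
"""

# Standard ports for the services named in the thread.
KNOWN = {
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("tcp", 88): "Kerberos", ("udp", 88): "Kerberos",
    ("tcp", 389): "LDAP", ("udp", 389): "LDAP",
    ("tcp", 135): "RPC endpoint mapper",
}

LINE_RE = re.compile(
    r"accept src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)

def summarize(log_text, client, dc):
    """Count accepted client -> DC connections per (protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["src"] != client or m["dst"] != dc:
            continue  # skip drops, other hosts and unparseable lines
        counts[(m["proto"].lower(), int(m["dport"]))] += 1
    return counts

def classify(counts):
    """Split observed ports into already-named services and ones still to review."""
    named = {k: n for k, n in counts.items() if k in KNOWN}
    review = {k: n for k, n in counts.items() if k not in KNOWN}
    return named, review

if __name__ == "__main__":
    named, review = classify(summarize(SAMPLE_LOG, "192.0.2.10", "10.0.0.5"))
    for (proto, port), n in sorted(named.items()):
        print(f"{proto}/{port:<5} {KNOWN[(proto, port)]:<20} hits={n}")
    for (proto, port), n in sorted(review.items()):
        print(f"{proto}/{port:<5} {'REVIEW: unlisted port':<20} hits={n}")
```

Ports reported under REVIEW are the ones to look up in the KB article's AD section before writing a dedicated rule for them.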
