
[FW1] setting up "one-way" NTdomain trust



Hello everyone,

One of my customers has two NT domains. The PDC of one domain is in the DMZ and
the PDC of the other domain is in the internal network. I was asked if it's
possible to set up a one-way trust between these two domains. That is,
DMZ-PDC is going to trust the internal-PDC only, not the other way around.

My question is: do I have to open any ports from the DMZ to internal, which I
don't wanna be doing? I am interested to know if the "trusting PDC" really
needs to initiate a session to the "trusted PDC" to be able to set up a one-way
trust relationship. If yes, what port should be allowed from trusting PDC to
the trusting PDC?

Note: CP talks roughly about setting up a "domain trust relationship", saying
that ports 135 (tcp/udp), 137 (udp), 138 (udp), 139 (tcp) and all ports above
1024 (for RPC communication) should be enabled across the FW.


BTW, regarding CP's "ALL PORTS above 1024 for RPC communication", is this
really necessary? Are there any solutions available to fix the RPC comm. to
a single port on the NT side?


Thanks in advance.

Ulvi


   All contents © 2004 Network Presence, LLC. All rights reserved.