[FW1] setting up "one-way" NTdomain trust
Hello everyone,

One of my customers has two NT domains. The PDC of one domain is in the DMZ and the PDC of the other domain is in the internal network. I was asked if it's possible to set up a one-way trust between these two domains. That is, DMZ-PDC is going to trust the internal-PDC only, not the other way around.

My question is: do I have to open any ports from DMZ to internal, which I don't wanna be doing? I am interested to know if the "trusting PDC" really needs to initiate a session to the "trusted PDC" to be able to set up a one-way trust relationship. If yes, what port should be allowed from trusting PDC to the trusting PDC?

Note: CP talks roughly about setting up "domain trust relationship": that ports 135 (tcp/udp), 137 (udp), 138 (udp), 139 (tcp) and all ports above 1024 (for RPC communication) should be enabled across the FW.

BTW, regarding CP's "ALL PORTS above 1024 for RPC communication": is this really necessary? Are there any solutions available to fix the RPC comm. to a single port on the NT side?

Thanks in advance.

Ulvi