Wednesday, May 1, 2019

Configure Azure Firewall ports required to join Domain Controller


There are two virtual networks: Network 1 contains the Domain Controller (Windows Server 2016) and Network 2 contains the workload VMs (Windows Server 2016). Traffic between them is forced through Azure Firewall by User Defined Routes on each subnet.


After some experiments, I came up with the following categories of rules:

Name       Proto  Src  Dest         Ports
tcp-to-dc  tcp    *    <dc server>  53,88,135,139,389,445,464,3268,3269,49152-64000
udp-to-dc  udp    *    <dc server>  53,88,123,135,137,138,464,389,49152-64000
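As an added example (not part of the original post), the two rules above expressed as one Azure Firewall network rule collection created with the Az PowerShell module. The resource group, firewall name, DC address and collection priority are placeholders I assume; the port lists and rule names are the ones from the table.

```powershell
# Added example: create the tcp-to-dc / udp-to-dc rules from the post as an
# Azure Firewall network rule collection (Az.Network module).
# The names and addresses below are assumptions, not values from the post.
$rg     = 'rg-hub'        # assumed resource group containing the firewall
$fwName = 'azfw-hub'      # assumed Azure Firewall name
$dcAddr = '10.0.1.4'      # assumed private IP of the DC ("<dc server>" in the post)
$src    = '*'             # any source, as in the post; narrowing this to the
                          # workload subnet (e.g. '10.0.2.0/24') is tighter

# Port lists from the post. The comments name the AD service behind each port.
$tcpPorts = @(
    '53',             # DNS
    '88',             # Kerberos
    '135',            # RPC endpoint mapper
    '139',            # NetBIOS session service
    '389',            # LDAP
    '445',            # SMB
    '464',            # Kerberos password change
    '3268', '3269',   # Global Catalog LDAP / LDAPS
    '49152-64000'     # dynamic RPC range as given in the post
)
$udpPorts = @(
    '53',             # DNS
    '88',             # Kerberos
    '123',            # NTP (time sync is required for Kerberos)
    '135',            # RPC endpoint mapper
    '137', '138',     # NetBIOS name / datagram service
    '464',            # Kerberos password change
    '389',            # LDAP (CLDAP ping for DC location)
    '49152-64000'     # dynamic RPC range as given in the post
)

$tcpRule = New-AzFirewallNetworkRule -Name 'tcp-to-dc' -Protocol 'TCP' `
    -SourceAddress $src -DestinationAddress $dcAddr -DestinationPort $tcpPorts
$udpRule = New-AzFirewallNetworkRule -Name 'udp-to-dc' -Protocol 'UDP' `
    -SourceAddress $src -DestinationAddress $dcAddr -DestinationPort $udpPorts

# One collection holding both rules; priority 200 is an assumed value.
$coll = New-AzFirewallNetworkRuleCollection -Name 'allow-to-dc' -Priority 200 `
    -Rule $tcpRule, $udpRule -ActionType 'Allow'

# Attach the collection to the existing firewall and push the change.
$fw = Get-AzFirewall -Name $fwName -ResourceGroupName $rg
$fw.AddNetworkRuleCollection($coll)
Set-AzFirewall -AzureFirewall $fw
```

Two checks worth doing before relying on this: the dynamic RPC range in the post stops at 64000, while Windows Server defaults to 49152-65535 unless it has been restricted on the DC, so confirm the actual range with `netsh int ipv4 show dynamicport tcp` on the DC and match the rule to it; and Azure Firewall network rules are stateful, so only the workload-to-DC direction needs an Allow rule, with the reply traffic permitted automatically.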