Problem
There are two virtual networks, Network 1 (contains Domain Controller, Windows Server 2016) and Network 2 (contains workload VMs, Windows Server 2016). Traffic between them goes through Azure Firewall and User Defined Routes.
Solution
After some experiments I came up with the following categories of rules:
| Name | Proto | Src | Dest | Ports |
|---|---|---|---|---|
| tcp-to-dc | tcp | * | `<dc server>` | 53,88,135,139,389,445,464,3268,3269,49152-64000 |
| udp-to-dc | udp | * | `<dc server>` | 53,88,123,135,137,138,464,389,49152-64000 |
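As an added example (not code from the original post), the script below turns the two rows of that table into an Azure Firewall network rule collection in the shape used by the `networkRuleCollections` property of a `Microsoft.Network/azureFirewalls` resource, and adds two checks a practitioner wants before deploying: whether a given protocol/port pair would actually be allowed (including the 49152-64000 range), and which rules use the wildcard `*` source. The post uses `*` as the source; the DC address, the Network 2 address space, the collection name and the priority used here are assumptions.

```python
"""Build an Azure Firewall network rule collection for AD domain traffic
and evaluate what it allows.

Added example, not code from the original post. Rule names, protocols,
ports and the '*' source come from the post's table; DC_ADDRESS,
WORKLOAD_CIDR, the collection name and the priority are assumptions.
"""
import json
from typing import Dict, List, Tuple

DC_ADDRESS = "10.1.0.4"        # assumed: Domain Controller in Network 1
WORKLOAD_CIDR = "10.2.0.0/16"  # assumed: address space of Network 2

# (protocol, destination ports) per rule, copied from the post's table.
RULES: Dict[str, Tuple[str, List[str]]] = {
    "tcp-to-dc": ("TCP", ["53", "88", "135", "139", "389", "445", "464",
                          "3268", "3269", "49152-64000"]),
    "udp-to-dc": ("UDP", ["53", "88", "123", "135", "137", "138", "464",
                          "389", "49152-64000"]),
}


def build_collection(name: str, priority: int, source: str, dest: str,
                     rules: Dict[str, Tuple[str, List[str]]] = RULES) -> dict:
    """Return one Allow rule collection with one rule per table row."""
    return {
        "name": name,
        "properties": {
            "priority": priority,
            "action": {"type": "Allow"},
            "rules": [
                {
                    "name": rule_name,
                    "protocols": [proto],
                    "sourceAddresses": [source],
                    "destinationAddresses": [dest],
                    "destinationPorts": list(ports),
                }
                for rule_name, (proto, ports) in rules.items()
            ],
        },
    }


def port_matches(port_spec: str, port: int) -> bool:
    """True if `port` falls inside a single port or an 'lo-hi' range."""
    if "-" in port_spec:
        lo, hi = (int(x) for x in port_spec.split("-", 1))
        return lo <= port <= hi
    return int(port_spec) == port


def allows(collection: dict, proto: str, port: int) -> bool:
    """True if any rule in the collection allows proto/port to the DC."""
    for rule in collection["properties"]["rules"]:
        if proto.upper() in rule["protocols"] and any(
            port_matches(spec, port) for spec in rule["destinationPorts"]
        ):
            return True
    return False


def wildcard_source_rules(collection: dict) -> List[str]:
    """Names of rules whose source is '*'; a narrower source (the workload
    subnet) is the least-privilege choice and should be preferred."""
    return [
        rule["name"]
        for rule in collection["properties"]["rules"]
        if "*" in rule["sourceAddresses"]
    ]


if __name__ == "__main__":
    # Constructed run: the post's rules with the wildcard source, then the
    # same rules narrowed to the workload network.
    broad = build_collection("ad-domain-traffic", 100, "*", DC_ADDRESS)
    narrow = build_collection("ad-domain-traffic", 100, WORKLOAD_CIDR,
                              DC_ADDRESS)
    print(json.dumps(narrow, indent=2))
    print("tcp/389 allowed:", allows(narrow, "tcp", 389))
    print("udp/3268 allowed:", allows(narrow, "udp", 3268))
    print("rules with '*' source:", wildcard_source_rules(broad))
```

The JSON printed by `build_collection` can be dropped into the `networkRuleCollections` array of an ARM template for the firewall; `allows` answers the question "would this rule set let LDAP, Kerberos or an RPC endpoint in the dynamic range through?" before the template is deployed.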
References
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
http://powershell365.com/2016/01/19/firewall-ports-required-to-join-ad-domain/