Hello everyone,

One of my customers has two NT domains. The PDC of one domain is in the DMZ and
the PDC of the other domain is in the internal network. I was asked if it's
possible to set up a one-way trust between these two domains. That is, the
DMZ-PDC is going to trust the internal-PDC only, not the other way around.

My question is: do I have to open any ports from the DMZ to the internal
network, which I don't want to be doing? I am interested to know if the
"trusting PDC" really needs to initiate a session to the "trusted PDC" to be
able to set up a one-way trust relationship. If yes, what port should be
allowed from the trusting PDC to the trusted PDC?

Note: CP talks roughly about setting up a "domain trust relationship", saying
that ports 135 (tcp/udp), 137 (udp), 138 (udp), 139 (tcp) and all ports above
1024 (for RPC communication) should be enabled across the FW.


BTW, regarding CP's "ALL PORTS above 1024 for RPC communication": is this
really necessary? Are there any solutions available to fix the RPC
communication to a single port on the NT side?


Thanks in advance.

Ulvi


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
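An added example, not part of Ulvi's message or of the Check Point document he cites: Microsoft documents a registry key (KB 154596, "How to configure RPC dynamic port allocation to work with firewalls") that confines RPC dynamic port allocation on NT 4.0 to an administrator-chosen range, which is the usual way to narrow the "all ports above 1024" rule. The range 5000-5020 below is an assumed value chosen for illustration; pick a range sized for the number of RPC servers on the machine. The .reg file is in REGEDIT4 format, as used by NT 4.0's regedit, where a REG_MULTI_SZ value is written as hex(7) ANSI bytes.

```reg
REGEDIT4

; Added example, not from the original post.
; Confines RPC over TCP/IP dynamic endpoint allocation to 5000-5020
; (assumed range). A reboot is required for the change to take effect.
; The endpoint mapper on TCP/UDP 135 is still needed and must still be
; permitted through the firewall; only the ">1024" range shrinks.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet]
; REG_MULTI_SZ "5000-5020" followed by the two terminating NULs
"Ports"=hex(7):35,30,30,30,2d,35,30,32,30,00,00
; "Y" = the listed ports are the ones to use (not the ones to exclude)
"PortsInternetAvailable"="Y"
; "Y" = apply the restriction to RPC servers that do not ask for a
; specific port themselves
"UseInternetPorts"="Y"
```

Two caveats a practitioner would want: the key restricts every RPC-over-TCP server on that NT machine, not only the domain trust traffic, so the range must be large enough for all of them; and it does nothing for the NetBIOS ports 137, 138 and 139, which Check Point lists separately and which carry the SMB traffic for the trust.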
