This message was deleted.
# citrix-vads
Slackbot
03/07/2023, 6:22 PMThis message was deleted.
r
Ray Davis
03/07/2023, 6:23 PMDDC to DDC or DDC to AD for example?
r
Ryan Gallier
03/07/2023, 6:24 PMf
Felix Marte
03/07/2023, 6:24 PMIf you dont mind an indirect reply, all poort requirements are spelled out in this master document: v=https://docs.citrix.com/en-us/tech-zone/build/tech-papers/citrix-communication-ports.html
r
Ray Davis
03/07/2023, 6:24 PMr
Ryan Gallier
03/07/2023, 6:24 PMI win!!!
😀 3
r
Ray Davis
03/07/2023, 6:24 PMHAHAHA
Ray Davis
03/07/2023, 6:25 PMThat's funny, we all three put the same link in
f
Felix Marte
03/07/2023, 6:25 PMDoes that qualify as triple fact checking?
r
Ryan Gallier
03/07/2023, 6:25 PMit IS the best link
r
Ray Davis
03/07/2023, 6:25 PMyea it is
n
newbie1998
03/07/2023, 6:27 PM@Ray Davis DDC to AD
newbie1998
03/07/2023, 6:27 PMits not in the doc you sent me.
newbie1998
03/07/2023, 6:27 PMthe client and i checked
r
Ray Davis
03/07/2023, 6:28 PMWithout looking in doc. I would say
135 ,389.636
r
Ryan Gallier
03/07/2023, 6:28 PMDDC to AD would just be regular active directory ports, which are like 10000 of them
r
Ray Davis
03/07/2023, 6:28 PMBut Ryan has a good point.
n
newbie1998
03/07/2023, 6:31 PMi am dumba$$
newbie1998
03/07/2023, 6:31 PMi found it for SF
newbie1998
03/07/2023, 6:31 PMbut not DDC to Domain Controller
r
Ray Davis
03/07/2023, 6:33 PMWell, it is probably industry standard for AD Domain Talk. Something like this
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN
f
Felix Marte
03/07/2023, 6:33 PMhttps://docs.citrix.com/en-us/tech-zone/learn/downloads/diagrams-posters_virtual-apps-and-desktops_poster.png▾
👍 2
💯 1
r
Ray Davis
03/07/2023, 6:33 PMWell that is 2008R2, but hopefully you get the point.
n
newbie1998
03/07/2023, 6:34 PMwow, not even carl has them listed - https://www.carlstalhood.com/netscaler-firewall-rules/#xenapp ...how could that be?
r
Ray Davis
03/07/2023, 6:36 PMHonestly, It's because most of it is a industry standard now I would say. Most FW have a basic rule set for AD DS in the FW defaults.
n
newbie1998
03/07/2023, 6:36 PMthanks for the feedback.
newbie1998
03/07/2023, 6:36 PMi will submit 389/636.
newbie1998
03/07/2023, 6:37 PMthats what i see on the poster
r
Ryan Gallier
03/07/2023, 6:37 PMif that's all you open, you're going to have a bad time
r
Ray Davis
03/07/2023, 6:38 PMI would start here. That is me though
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
r
Ryan Gallier
03/07/2023, 6:40 PMfirewall between domain members is a nightmare, imo
Ryan Gallier
03/07/2023, 6:40 PMby the time you open all the ports, it's not secure anyway, so what's the fucking point?
🤣 1
r
Ray Davis
03/07/2023, 6:40 PMI bet you know first hand for sure.
r
Ryan Gallier
03/07/2023, 6:41 PMand i just mean, basic SPI... now if you have some Layer7 inspection there, it's better
Ryan Gallier
03/07/2023, 6:41 PMbut if you're just going to do SPI between them, it's pointless.
f
Felix Marte
03/07/2023, 6:41 PMI suppose its a matter of perspective... Assume the org already opens the necessary ports for a member server to talk to a domain controller, what additional ports would be necessary on a DDC... As opposed to what are all ports necessary for the member server... In the first case the answer really is nothing additional since 389/636 (at least 636 in hyper secure environments) should be open already
n
newbie1998
03/07/2023, 6:43 PMisn't 636 legacy
f
Felix Marte
03/07/2023, 6:47 PM636 is secure ldap
m
Mads Petersen
03/07/2023, 7:42 PMIf anyone finds incorrect ports in the document, let me know and we can get them fixed 🙂
👌 1
n
newbie1998
03/07/2023, 8:06 PMwill do! thanks
4 Views