General discussion

PIX Firewall opening port to inside from DMZ; Exchange 2003

By Noufal
I want to open some TCP ports through the PIX firewall from the Internal network to the DMZ zone for putting a front-end Exchange 2003 server in the DMZ zone; the domain controller and mail server are in the Internal zone. Can anybody give me the correct commands? I don't want to map IP and expose all ports to DMZ with static mapping. Can anybody help me?

3 total posts (Page 1 of 1)  
All Comments

by Kryptos In reply to PIX Firewall opening por ...

First, putting a domain member in the DMZ is not a great idea. Reconsider your design.

DMZ being lower security than inside, you have to open specific ports to inside from DMZ. You may need to open the following ports from DMZ to inside.

25 SMTP
110 POP
143 IMAP
691 Link state Algorithm routing protocol
Active Directory Communication:
TCP & UDP 389 LDAP to Directory Service
TCP 3268 LDAP to Global Catalog Server
TCP & UDP 88 Kerberos
for the DNS server access:
UDP port 53
I suggest you limit RPC access from DMZ to inside by editing the registry on the servers to limit RPC traffic to a specific port (e.g. 1111). Then open the appropriate ports:
TCP 135 - RPC endpoint mapper
TCP 1111 - RPC service port

Thx,

by Noufal In reply to PIX Firewall opening por ...

I want to know the commands with the PIX firewall to open ports to inside. I know it will reduce security, but I don't have any other choice to enable access to the Exchange server from the internet. Can you please help me?

by GDoC In reply to PIX Firewall opening por ...

I could go into details here, but it would take half the night. Please reference:
http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008cfd4.html
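
The port list from Kryptos's reply written out as PIX 6.x commands, as an added example that is not from any poster in this thread. The addresses, the ACL name dmz_in, the interface name dmz and the split of ports between the back-end mail server and the domain controller are assumptions; 1111 is the example RPC port from the reply. Lines starting with a colon are comments.

```cisco
: Constructed addresses (assumptions):
:   192.168.1.10  front-end Exchange 2003 server on the dmz interface
:   10.0.0.5      domain controller / global catalog / DNS on inside
:   10.0.0.6      back-end Exchange mail server on inside

: Identity statics: the two inside hosts appear on the dmz under their own
: addresses. A static only provides the translation; it does not open any
: port. Nothing from the dmz reaches inside unless the ACL below permits it.
static (inside,dmz) 10.0.0.5 10.0.0.5 netmask 255.255.255.255
static (inside,dmz) 10.0.0.6 10.0.0.6 netmask 255.255.255.255

: Front-end to back-end mail server: SMTP, POP, IMAP, link state (691)
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.6 eq 25
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.6 eq 110
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.6 eq 143
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.6 eq 691

: Front-end to domain controller: LDAP, global catalog, Kerberos, DNS
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.5 eq 389
access-list dmz_in permit udp host 192.168.1.10 host 10.0.0.5 eq 389
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.5 eq 3268
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.5 eq 88
access-list dmz_in permit udp host 192.168.1.10 host 10.0.0.5 eq 88
access-list dmz_in permit udp host 192.168.1.10 host 10.0.0.5 eq 53

: RPC endpoint mapper plus the single fixed RPC port set in the registry
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.5 eq 135
access-list dmz_in permit tcp host 192.168.1.10 host 10.0.0.5 eq 1111

: Bind the ACL to traffic entering the dmz interface. Every access-list ends
: with an implicit deny, so any other flow the dmz host needs (for example
: outbound to the internet) must be added to dmz_in as well.
access-group dmz_in in interface dmz
```

Each entry is host-to-host and single-port, so a compromise of the front-end server is limited to these services on these two inside hosts rather than the whole inside network.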
