Hey,
We moved datacenters, and currently, for the migration, the ACL rule from site to the new DC allows all traffic to our DC subnet.
The ACL configured for our old DC is separated by server.
I.e., 1 ACL rule to our domain controllers only allowing the needed ports, 1 ACL rule to our fileserver only allowing SMB ports, followed by a blanket deny all.
It got me thinking before I implement this again: is this overkill, or should I just create 1 ACL which is something like INTERNAL -> ALL DC SERVERS allowing all ports needed, instead of separating by server & port?