Monday, March 22, 2021

Network Segmentation on a Windows network

I have been tasked with implementing some network segmentation on our Windows domain network. We already have the network segregated into VLANs and I just need to implement some ACLs (I think).

I am trying to figure out 2 main issues so far.

  1. I'm running Server 2016 with a Server 2016 Domain functional level. Do I need to allow ports 137, 138, and 139 for NetBIOS to leave the client VLAN?
  2. I know I need port 135 for RPC, but do I also need to allow all high level ports 49152-65535 from the client, or does this come under established communication during the RPC negotiation?
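Before committing to an ACL, it helps to measure what a domain-joined client actually talks to on the DC rather than reasoning from the port tables alone. The snippet below is an added example, not part of the original post: run on a client as an administrator, it shows the RPC dynamic port range the host is configured to use, lists established TCP sessions toward the DC grouped by remote port, and checks whether the client even has the UDP NetBIOS listeners (137/138) open. `$DcAddress` is a constructed placeholder for the DC's IP address.

```powershell
# Added example (not from the original post): inventory the remote ports a
# domain client actually uses toward a domain controller before writing ACLs.
# Assumptions: run elevated on a domain-joined client; $DcAddress is a placeholder.
$DcAddress = '10.0.0.10'   # constructed placeholder, replace with your DC's address

# 1. Which TCP dynamic (ephemeral / RPC) range is this host configured with?
netsh interface ipv4 show dynamicport tcp

# 2. Established TCP sessions to the DC, grouped and labelled by remote port.
#    RPC flows start at 135 (endpoint mapper) and continue on a port inside
#    the dynamic range, so both kinds will show up here if RPC is in use.
Get-NetTCPConnection -RemoteAddress $DcAddress -State Established |
    Group-Object RemotePort |
    Sort-Object { [int]$_.Name } |
    ForEach-Object {
        $port = [int]$_.Name
        $kind = switch ($port) {
            135                    { 'RPC endpoint mapper' }
            139                    { 'NetBIOS session service' }
            445                    { 'SMB' }
            { $_ -ge 49152 }       { 'RPC dynamic range' }
            default                { 'other' }
        }
        [pscustomobject]@{ RemotePort = $port; Sessions = $_.Count; Kind = $kind }
    } | Format-Table -AutoSize

# 3. NetBIOS name (137) and datagram (138) services are UDP, so they never appear
#    in the TCP list above. Check whether the client has those listeners at all.
Get-NetUDPEndpoint -LocalPort 137, 138 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort
```

Capturing this over a normal logon and a group-policy refresh gives a concrete list to compare against the Microsoft port tables linked below; if nothing in the dynamic range ever appears, the ACL question becomes much simpler to answer.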

Any help would be greatly appreciated.

Sources I'm looking at:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts

https://docs.microsoft.com/en-US/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements
