I have been tasked with implementing some network segmentation on our Windows domain network. We already have the network segregated into VLANs and I just need to implement some ACLs (I think).
I am trying to figure out 2 main issues so far.
- I'm running Server 2016 with a Server 2016 Domain functional level. Do I need to allow ports 137, 138, and 139 for NetBIOS to leave the client VLAN?
- I know I need port 135 for RPC, but do I also need to allow all high level ports 49152-65535 from the client, or does this come under established communication during the RPC negotiation?
Any help would be greatly appreciated.
Sources I'm looking at: