
A specific question regarding the ports needed for a DMZ machine to log in to a Domain Controller.

Hello,

First, my scenario: ISA Server 2006, Windows 2008 Enterprise as the DCs, and Windows 2008 as the machine in the DMZ trying to log in to the DCs.

I have been reading this article: http://www.isaserver.org/articles-tutorials/articles/2004perimeterdomain.html

In that article some ports are stated as required: RPC (All interfaces), CIFS TCP 445, DNS, Kerberos-Adm UDP, Kerberos-Sec TCP and UDP, LDAP TCP and UDP, LDAP GC, NTP and Ping.

However, I just created a machine in the DMZ, joined it to the domain and afterwards, when logging in to the domain for the second time, I monitored from ISA what was happening in this process of the DMZ machine logging in to the domain. The protocols I see are these:

Kerberos-Sec (TCP), DNS, LDAP UDP, Ping, NetBIOS Name Service, CIFS, and RPC (All interfaces).

Kerberos, DNS and LDAP seem obvious, but I don't understand:

1- Why do I need NetBIOS Name Service, CIFS and RPC?
2- Why are there protocols in the article I have just read that my ISA doesn't log?

Thanks a lot in advance!!

Luis Olías, Systems Technician/Administrator. Seville (Spain)


