Managed Active Directory - Firewall Policies for Various Traffic Types

Updated by Jared Ruckle on Oct 14, 2014

The following tables list the protocols and ports to use when configuring firewall policies for each type of Active Directory traffic.

Active Directory Replication Traffic

ICMP: ALL

| Traffic | Protocol | Source Port | Destination Port |
|---|---|---|---|
| RPC Endpoint Mapper | TCP/UDP | 1024-65535 | 135 |
| RPC Dynamic Assignment | TCP/UDP | 1024-65535 | 49152-65535**, 6000-6199 |
| NetBIOS Name Service | TCP/UDP | 1024-65535 | 137 |
| NetBIOS Datagram Service | UDP | 1024-65535 | 138 |
| NetBIOS Session Service | TCP | 1024-65535 | 139 |
| SMB over IP | TCP/UDP | 1024-65535 | 445 |
| LDAP | TCP/UDP | 1024-65535 | 389 |
| LDAP over SSL | TCP | 1024-65535 | 636 |
| Global Catalog LDAP | TCP | 1024-65535 | 3268 |
| Global Catalog LDAP over SSL | TCP | 1024-65535 | 3269 |
| Kerberos | TCP/UDP | 1024-65535 | 88 |
| DNS | TCP/UDP | 1024-65535 | 53 |
| NTP | UDP | 123 | 123 |
| SMTP | TCP | 1024-65535 | 25 |

** Default Windows 2008 and later

Active Directory Client Authentication Traffic

ICMP: ALL

| Traffic | Protocol | Source Port | Destination Port |
|---|---|---|---|
| RPC Endpoint Mapper | TCP/UDP | 1024-65535 | 135 |
| RPC Dynamic Assignment | TCP/UDP | 1024-65535 | 49152-65535**, 6000-6199 |
| SMB over IP | TCP/UDP | 1024-65535 | 445 |
| LDAP | TCP/UDP | 1024-65535 | 389 |
| LDAP over SSL | TCP | 1024-65535 | 636 |
| Global Catalog LDAP | TCP | 1024-65535 | 3268 |
| Global Catalog LDAP over SSL | TCP | 1024-65535 | 3269 |
| Kerberos | TCP/UDP | 1024-65535 | 88 |
| DNS | TCP/UDP | 1024-65535 | 53 |
| NTP | UDP | 123 | 123 |

** Default Windows 2008 and later

Active Directory Trust Traffic

ICMP: ALL

| Traffic | Protocol | Source Port | Destination Port |
|---|---|---|---|
| RPC Endpoint Mapper | TCP/UDP | 1024-65535 | 135 |
| RPC Dynamic Assignment | TCP/UDP | 1024-65535 | 49152-65535**, 6000-6199 |
| SMB over IP | TCP/UDP | 1024-65535 | 445 |
| LDAP | TCP/UDP | 1024-65535 | 389 |
| LDAP over SSL | TCP | 1024-65535 | 636 |
| Global Catalog LDAP | TCP | 1024-65535 | 3268 |
| Global Catalog LDAP over SSL | TCP | 1024-65535 | 3269 |
| Kerberos | TCP/UDP | 1024-65535 | 88 |
| DNS | TCP/UDP | 1024-65535 | 53 |
| NTP | UDP | 123 | 123 |

** Default Windows 2008 and later
