Firewalls with UWWI

Firewalls on domain controllers, member servers, and workstations need to be configured correctly for the trust, and ultimately the domains themselves, to function properly.

Your Domain Controllers

At a minimum, the following ports:

tcp 53, 88, 135, 389, 445, 636, 3268, 3269, *
udp 53, 88, 135, 389, 445, *

need to be granted access to:

172.22.1.0/24 (172.22.1.0-172.22.1.255)
172.16.31.0/24 (172.16.31.0-172.16.31.255)

for network traffic TO and FROM your domain controllers.

* Additionally, a range of dynamic RPC ports for the RPC endpoint mapper needs access if you want to be able to do trust validation. By default, this is a large set of ports: pre-Server 2008: 1024-65535/TCP, Server 2008 and later: 49152-65535/TCP. You can limit it to a much smaller set on your servers. See the Microsoft whitepaper below (in appendix E) for more on that. The UWWI domain controllers are running Server 2012 with the default set of dynamic RPC ports.

Your Workstations and Servers

If you have firewalls on your member servers or workstations, then the ports:

tcp 53, 88, 135, 137, 139, 389, 445, 636, 3268, 3269
udp 53, 88, 123, 135, 137, 138, 389, 445

need to be granted access to:

172.22.1.0/24
172.16.31.0/24

for network traffic TO and FROM your client computers.

This will ensure authentication and normal Windows operations work correctly between UWWI and your domain. 
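One way to apply the two port lists above with the built-in Windows Firewall, as an added example (not a UWWI-provided script). The -Role parameter, rule names and group name are assumptions; the dynamic RPC range is the Server 2008 and later default from the note above and is added for TCP only, since that note gives only TCP ranges.

```powershell
#Requires -RunAsAdministrator
# Added example: allow the documented ports only to and from the UWWI DC networks.
param(
    [ValidateSet('DomainController', 'Member')]
    [string]$Role = 'Member'          # hypothetical parameter name
)

$UwwiNetworks = '172.22.1.0/24', '172.16.31.0/24'   # from this page
$Group = 'UWWI trust (example)'                     # hypothetical group name

$Ports = @{
    DomainController = @{
        # 49152-65535 is the default dynamic RPC range on Server 2008 and later;
        # narrow it if you have restricted RPC to a smaller set on your servers.
        TCP = '53','88','135','389','445','636','3268','3269','49152-65535'
        UDP = '53','88','135','389','445'
    }
    Member = @{
        TCP = '53','88','135','137','139','389','445','636','3268','3269'
        UDP = '53','88','123','135','137','138','389','445'
    }
}

# Remove rules from an earlier run so the script can be re-applied cleanly.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($proto in 'TCP', 'UDP') {
    $list = $Ports[$Role][$proto]
    # Traffic TO this machine: the listed ports are local ports.
    New-NetFirewallRule -DisplayName "UWWI $Role $proto in" -Group $Group `
        -Direction Inbound -Action Allow -Protocol $proto `
        -LocalPort $list -RemoteAddress $UwwiNetworks | Out-Null
    # Traffic FROM this machine: the listed ports are remote ports.
    New-NetFirewallRule -DisplayName "UWWI $Role $proto out" -Group $Group `
        -Direction Outbound -Action Allow -Protocol $proto `
        -RemotePort $list -RemoteAddress $UwwiNetworks | Out-Null
}

# Print what was configured, e.g. to show the settings when troubleshooting.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $p = $_ | Get-NetFirewallPortFilter
    $a = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Direction  = $_.Direction
        Protocol   = $p.Protocol
        LocalPort  = $p.LocalPort -join ','
        RemotePort = $p.RemotePort -join ','
        Remote     = $a.RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```

Because each rule sets -RemoteAddress to the two UWWI networks, the ports are opened only for those subnets and not for every source.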

Troubleshooting Problems

You will need to verify and demonstrate that your firewall settings permit the required traffic noted above. At that time, UWWI engineers will look into any issues related to the UW Windows Infrastructure service. If it appears that the firewall is causing the issues, we will ask that it be disabled to test functionality.

Future Changes

Should the networks that the UWWI domain controllers are on change in the future, an announcement will be made to all trust requestors in advance.

Related Documents

Microsoft KB 179442, Configure Firewall for Domain Controllers
Windows Domains and Firewalls
Domain Controllers on p172 at the UW
http://download.microsoft.com/download/c/a/3/ca3647b8-9948-4f92-8637-fcb8fdfa3de0/ADSegment_IPSec_W2K.doc