
How to connect to a DMZ AD Domain

I am currently connected to multiple AD domains inside the firewall.

How do I connect to an AD domain in the DMZ? Is there a checklist or document that describes which ports need to be opened and how to configure it?

Thanks

  • I understand the question in the following way.
    INTRANET: AD/DCs, PWM01 Admin Service server, SQL\PM db, SSRS are here, protected by the FW.
    INTERNET\DMZ: IIS\PWM02 website pointing to the PWM01 Admin Service via the FW port opened between DMZ<=>INTRANET and specified during install of the website. There is no DMZ\PWM Admin Service in the DMZ for security reasons.
  • So, this DMZ domain is in a secured perimeter network which has very limited connectivity to the internal domain in which the Password Manager application servers reside. Also, there is just a one-way external trust from the DMZ domain to the root domain, in which the DMZ domain trusts the root domain but the root domain and the child domains underneath it do not trust the DMZ domain. Can this be set up in Password Manager?
  • Option 1) Assume DMZ-Domain\DC01 exists inside the INTRANET. Point the existing INTRANET\PWM01 Admin Service to INTRANET\DMZ-domain\DC01, and install the DMZ\IIS\PWM02 website (as described in the previous post).
    Option 2) Install a separate DMZ\PWM03 Admin Service inside the DMZ, independent of PWM01, and point it to DMZ\DMZ-domain\DC.
    I strongly recommend against putting the INTRANET-related PWM Admin Service inside the DMZ for security reasons.