After the network prerequisites, we can now see how to create our access rules. First we will create the protocol objects required for them.
3/ Protocols
3.1/ Standard protocols
The following protocols will be used by the access rules:
Name | Protocol type | Direction | From | To
DPM Agent Coordinator | TCP | Outbound | 5718 | 5718
DPM Protection Agent | TCP | Outbound | 5719 | 5719
DPM Dynamic Ports | TCP | Outbound | 10000 | 65535
Be careful with the DPM Dynamic Ports protocol: you must make sure that the DPM server and the TMG server both use the default RPC dynamic port range. To check this, run the following command line on each server: netsh int ipv4 show dynamicport tcp
3.1.1/ DPM Agent Coordinator
The DPM Agent Coordinator protocol allows the DPM management console to install or uninstall the agent on the server.
The following parameters will be used to create the protocol:
- Protocol type : TCP
- Direction : Outbound
- From : 5718
- To : 5718
No secondary connections are required for this one.
3.1.2/ DPM Protection Agent
The DPM Protection Agent protocol allows the DPM management console to communicate with the agent installed on the protected server.
The following parameters will be used to create the protocol:
- Protocol type : TCP
- Direction : Outbound
- From : 5719
- To : 5719
3.1.3/ DPM Dynamic Ports
The following parameters will be used to create the protocol:
- Protocol type : TCP
- Direction : Outbound
- From : 10000
- To : 65535
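As an added check that is not part of the original article, the following PowerShell script parses the output of the netsh command mentioned in section 3.1 and verifies that the server's TCP dynamic port range falls inside the DPM Dynamic Ports protocol range (10000-65535). The function names are ours, and the parsing assumes English netsh output.

```powershell
# Added example (not from the original article). Run on both the DPM and the TMG server.
# Parsing assumes the English wording of "netsh int ipv4 show dynamicport tcp".

# Parses the netsh output and returns the first and last port of the dynamic range.
function Get-DynamicPortRange {
    param([string[]]$NetshOutput = (netsh int ipv4 show dynamicport tcp))
    $start = $null; $count = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Start Port\s*:\s*(\d+)')      { $start = [int]$Matches[1] }
        if ($line -match '^\s*Number of Ports\s*:\s*(\d+)') { $count = [int]$Matches[1] }
    }
    if ($null -eq $start -or $null -eq $count) {
        throw "Could not parse the dynamic port range from the netsh output."
    }
    [pscustomobject]@{ Start = $start; End = $start + $count - 1 }
}

# Returns $true when the server's dynamic range lies inside the TMG protocol's range.
function Test-DynamicPortCoverage {
    param(
        [Parameter(Mandatory)] $Range,
        [int]$ProtocolFrom = 10000,   # "From" port of the DPM Dynamic Ports protocol
        [int]$ProtocolTo   = 65535    # "To" port of the DPM Dynamic Ports protocol
    )
    ($Range.Start -ge $ProtocolFrom) -and ($Range.End -le $ProtocolTo)
}

# Constructed sample of netsh output; omit -NetshOutput to query the local server instead.
$sample = @('Protocol tcp Dynamic Port Range', '---------------------------------',
            'Start Port      : 49152', 'Number of Ports : 16384')
$range = Get-DynamicPortRange -NetshOutput $sample
"Dynamic TCP ports: $($range.Start)-$($range.End)"
if (Test-DynamicPortCoverage -Range $range) {
    "OK: the range is covered by the DPM Dynamic Ports protocol (10000-65535)."
} else {
    "WARNING: the range is outside 10000-65535; the access rule will not cover all RPC traffic."
}
```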
3.2/ RPC protocols
The RPC protocol used by DPM is also required; its interfaces must be added manually with the wizard. When adding each Universally Unique Identifier (UUID), the option Publish on a Dynamically Assigned Port must be enabled.
The UUIDs to add to our RPC protocol, named DPM UUID, are:
Name | UUID
MSDPM AC 01 | {C4EBD674-1457-4B79-BE30-B04735AED9D1}
MSDPM AC 02 | {A3B9D3F4-2477-4F95-B2D1-F75B0FDF2A2F}
DPM RA 01 | {DA6AA17A-D61C-4E9C-8CEA-DB25DEA52A95}
DPM RA 02 | {2DF31D97-33CC-4966-8FF9-F47C90F7D0F3}
MSDPM 01 | {27F60283-447F-4D5F-AA84-F45D09BD06EF}
MSDPM 01 | {8D8C691A-AFE6-4EA3-A6B2-F3E5EF1BD0CA}
DPM LA 01 | {1B308A4A-FFEC-4C85-957C-53AA1DCC696F}
DPM LA 02 | {9E6C5356-B180-4295-888C-5A99E505420F}
In order to create a new RPC protocol, select the Protocols section on the Toolbox tab.
In this article we use the name DPM UUID.
In the Select Server window, select the Add interfaces manually option.
On the Adding Interfaces to the Protocol Definition step, add the UUIDs with the Publish on a Dynamically Assigned Port option.
Finally, check that there are 8 UUIDs in order to validate the new RPC protocol to create.