Monday, 14 May 2012

[Ports used] How to protect TMG with DPM : Part 4


This article describes how to create the access rules on the TMG firewall that allow the traffic DPM needs; the rules reuse the DPM protocol definitions created in the previous article.

4/ Access rules
Two access rules are required to authorize communication between the DPM server and Forefront TMG 2010. In our lab, DPM Servers is a Computer Set object that contains only the IP address of the DPM server, which is what keeps these rules narrow: the inbound rule exposes RPC (all interfaces), CIFS and NetBIOS on the firewall itself, so its source must stay a single host rather than a whole network.

Rule:      DPM - Inbound
Action:    Allow
Protocols: DPM Agent Coordinator, DPM Dynamic Ports, DPM Protection Agent, DPM UUID,
           Microsoft CIFS (TCP), NetBios Name Service, NetBios Session, PING,
           RPC (all interfaces)
From:      DPM Servers
To:        Local Host

Rule:      DPM - Outbound
Action:    Allow
Protocols: DPM Agent Coordinator, DPM Dynamic Ports, DPM Protection Agent, DPM UUID,
           Microsoft CIFS (TCP)
From:      Local Host
To:        DPM Servers



4.1/ Building the required objects

The Computer Set that holds the DPM server is created from the Network Objects section of the Toolbox tab (New > Computer Set), adding the server's IP address as a single computer entry.

In my lab the DPM server has the IP address 10.0.0.7, so the DPM Servers set contains that one address and nothing else.

4.2/ Inbound rule

Once the required objects exist, we launch the Create Access Rule wizard from the Firewall Policy node.

For this rule we use the name DPM - Inbound and the action Allow.

On the Protocols step we choose Selected protocols and add the following:
  • DPM Agent Coordinator
  • DPM Dynamic Ports
  • DPM Protection Agent
  • DPM UUID
  • Microsoft CIFS (TCP)
  • NetBios Name Service
  • NetBios Session
  • PING
  • RPC (all interfaces)

On the Access Rule Sources step we add the DPM Servers computer set created above.

On the Access Rule Destinations step the target is Local Host, since this traffic is aimed at the TMG server itself (the DPM agent runs on the firewall).

On the User Sets step we keep All Users, so the rule does not require authentication: the DPM server connects anonymously from TMG's point of view, and a rule limited to authenticated users would never match it.

4.3/ Outbound rule

We launch the Create Access Rule wizard a second time.

For this rule we use the name DPM - Outbound and the action Allow.

On the Protocols step we choose Selected protocols and add the following:
  • DPM Agent Coordinator
  • DPM Dynamic Ports
  • DPM Protection Agent
  • DPM UUID
  • Microsoft CIFS (TCP)

On the Access Rule Sources step the source is Local Host this time.

On the Access Rule Destinations step we add the DPM Servers computer set created above, and again keep All Users on the User Sets step.
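The three steps above (4.1 computer set, 4.2 inbound rule, 4.3 outbound rule) can also be scripted, which is useful when the same TMG/DPM setup has to be reproduced on several arrays. The script below is an added example and is not part of the original post nor Microsoft's own tooling. It drives the Forefront TMG administration COM object (FPC.Root) from PowerShell on the TMG server; the property and method names are those of the TMG/ISA administration object model as I know it, so treat them as an assumption and run the script against a lab array first. It assumes the four DPM protocol definitions from the previous article already exist under those exact names, and uses the lab address 10.0.0.7 from this post; the computer label DPM01 is an arbitrary choice.

```powershell
# Added example, not from the original post. Builds the DPM Servers computer set
# and the two access rules from the table above through the TMG COM object model
# (FPC.Root). Object model member names are an assumption (from the TMG/ISA
# administration API as I know it): verify on a lab array before production use.
# Run in an elevated PowerShell session on the TMG server.

$dpmServerName = 'DPM01'      # arbitrary label for the computer entry (assumption)
$dpmServerIp   = '10.0.0.7'   # lab address from the post

$fpc   = New-Object -ComObject 'FPC.Root'
$array = $fpc.GetContainingArray()

# 4.1 Computer Set "DPM Servers" containing only the DPM server's address.
# Keeping it to one host is what makes the inbound rule (RPC, CIFS, NetBIOS
# towards Local Host) acceptable; never widen it to a whole network.
$sets = $array.RuleElements.ComputerSets
$set  = $null
foreach ($s in $sets) { if ($s.Name -eq 'DPM Servers') { $set = $s } }
if (-not $set) {
    $set = $sets.Add('DPM Servers')
    $set.Computers.Add($dpmServerName, $dpmServerIp) | Out-Null
}

# Protocol lists copied from the rule table at the top of the post.
# The four DPM * protocols are the custom ones created in Part 3 (assumed present).
$inboundProtocols = @(
    'DPM Agent Coordinator', 'DPM Dynamic Ports', 'DPM Protection Agent', 'DPM UUID',
    'Microsoft CIFS (TCP)', 'NetBios Name Service', 'NetBios Session',
    'PING', 'RPC (all interfaces)'
)
$outboundProtocols = @(
    'DPM Agent Coordinator', 'DPM Dynamic Ports', 'DPM Protection Agent', 'DPM UUID',
    'Microsoft CIFS (TCP)'
)

function New-DpmAccessRule {
    param(
        [string]   $Name,
        [string[]] $Protocols,
        [string]   $SourceKind,   # 'ComputerSet' or 'Network'
        [string]   $Source,
        [string]   $DestKind,     # 'ComputerSet' or 'Network'
        [string]   $Dest
    )
    $rule = $array.ArrayPolicy.PolicyRules.AddAccessRule($Name)
    $rule.Action = 0                                    # fpcPolicyRuleActionAllow
    $rule.AccessProperties.ProtocolSelectionMethod = 1  # fpcSpecifiedProtocols ("Selected protocols")
    foreach ($p in $Protocols) {
        $rule.AccessProperties.SpecifiedProtocols.Add($p, 0) | Out-Null   # 0 = fpcInclude
    }
    $src = $rule.SourceSelectionIPs
    $dst = $rule.AccessProperties.DestinationSelectionIPs
    if ($SourceKind -eq 'ComputerSet') { $src.ComputerSets.Add($Source, 0) | Out-Null }
    else                               { $src.Networks.Add($Source, 0)     | Out-Null }
    if ($DestKind -eq 'ComputerSet')   { $dst.ComputerSets.Add($Dest, 0)   | Out-Null }
    else                               { $dst.Networks.Add($Dest, 0)       | Out-Null }
    # All Users: no authentication, so the DPM server's anonymous connection matches.
    $rule.AccessProperties.UserSets.RemoveAll()
    $rule.AccessProperties.UserSets.Add('All Users', 0) | Out-Null
    return $rule
}

# 4.2 Inbound: DPM Servers -> Local Host (agent traffic towards the firewall itself)
New-DpmAccessRule -Name 'DPM - Inbound'  -Protocols $inboundProtocols `
    -SourceKind 'ComputerSet' -Source 'DPM Servers' -DestKind 'Network' -Dest 'Local Host' | Out-Null

# 4.3 Outbound: Local Host -> DPM Servers
New-DpmAccessRule -Name 'DPM - Outbound' -Protocols $outboundProtocols `
    -SourceKind 'Network' -Source 'Local Host' -DestKind 'ComputerSet' -Dest 'DPM Servers' | Out-Null

# Commit the configuration; TMG applies the new policy after the save.
$array.Save()
```

After the save, check the Firewall Policy node: the two new rules should list exactly the protocols from the table, with DPM Servers resolving to the single address 10.0.0.7, and the TMG logging pane should show the DPM agent traffic matching DPM - Inbound / DPM - Outbound rather than the default rule.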
