Monday, 7 May 2012

[Ports used] How to protect TMG with DPM : Part 3


After the network prerequisites, we can now create our access rules. First we create the protocol objects they require.

3/ Protocols

3.1/ Standard protocols
The following protocols will be used by the access rules:

Name                   Protocol type   Direction   From    To
DPM Agent Coordinator  TCP             Outbound    5718    5718
DPM Protection Agent   TCP             Outbound    5719    5719
DPM Dynamic Ports      TCP             Outbound    10000   65535

Be careful with the DPM Dynamic Ports protocol: the 10000-65535 range is only right if it covers the dynamic (ephemeral) TCP port range actually configured on both the DPM server and the TMG server. Check each of them with the command netsh int ipv4 show dynamicport tcp, which reports a Start Port and a Number of Ports; every port from Start Port to Start Port + Number of Ports - 1 must fall inside the From/To range of the protocol. On Windows Server 2008 and later the default range is 49152-65535, so a server left at the default is covered, and the protocol can even be tightened to 49152-65535 so the rule allows no more than needed; a server with a customised range starting below 10000 needs the From value lowered to match.

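The check above can be scripted. The following PowerShell is an added example, not part of the original article or of the DPM/TMG tooling: it parses the output of netsh int ipv4 show dynamicport tcp on the local (TMG) server and, through WinRM, on the DPM server, and reports whether each server's dynamic range is covered by the 10000-65535 range of the DPM Dynamic Ports protocol. The server name DPM01, the use of Invoke-Command for the remote query and the embedded sample netsh output are assumptions made for the example.

```powershell
# Added example (not from the original article): check that the dynamic TCP
# port range of a server is covered by the TMG "DPM Dynamic Ports" protocol.
# Assumptions: PowerShell 2.0 or later, netsh available locally, and WinRM
# (Invoke-Command) reachable on any remote server named below.

# Range used by the article's "DPM Dynamic Ports" protocol definition
$ProtocolFrom = 10000
$ProtocolTo   = 65535

function Parse-DynamicPortRange {
    # Turns the text output of "netsh int ipv4 show dynamicport tcp" into a
    # first/last port pair. netsh reports a start port and a port count.
    param([string[]]$NetshOutput)

    $start = ($NetshOutput | Select-String 'Start Port\s*:\s*(\d+)').Matches[0].Groups[1].Value
    $count = ($NetshOutput | Select-String 'Number of Ports\s*:\s*(\d+)').Matches[0].Groups[1].Value
    if (-not $start -or -not $count) { throw 'Unexpected netsh output' }

    $first = [int]$start
    $last  = $first + [int]$count - 1
    New-Object PSObject -Property @{ First = $first; Last = $last }
}

function Get-DynamicPortRange {
    # Runs netsh locally, or remotely over WinRM when another computer is named.
    param([string]$ComputerName = $env:COMPUTERNAME)

    if ($ComputerName -eq $env:COMPUTERNAME) {
        $out = netsh int ipv4 show dynamicport tcp
    } else {
        $out = Invoke-Command -ComputerName $ComputerName -ScriptBlock { netsh int ipv4 show dynamicport tcp }
    }
    Parse-DynamicPortRange -NetshOutput $out
}

function Test-ProtocolCoversRange {
    # True when every port of the server's dynamic range lies inside the
    # From/To range of the TMG protocol definition.
    param($Range, [int]$From, [int]$To)
    ($Range.First -ge $From) -and ($Range.Last -le $To)
}

# Constructed sample of the netsh output (Windows Server 2008 R2 default range),
# so the parsing can be exercised without touching a live server.
$sample = @(
    '',
    'Protocol tcp Dynamic Port Range',
    '---------------------------------',
    'Start Port      : 49152',
    'Number of Ports : 16384',
    ''
)
$r = Parse-DynamicPortRange -NetshOutput $sample
'Sample: {0}-{1}, covered by protocol: {2}' -f $r.First, $r.Last, (Test-ProtocolCoversRange $r $ProtocolFrom $ProtocolTo)

# Live check on both servers involved in the rules. 'DPM01' is a placeholder name.
foreach ($server in @($env:COMPUTERNAME, 'DPM01')) {
    $range = Get-DynamicPortRange -ComputerName $server
    $ok = Test-ProtocolCoversRange $range $ProtocolFrom $ProtocolTo
    '{0}: dynamic range {1}-{2} -> {3}' -f $server, $range.First, $range.Last, $(if ($ok) { 'OK' } else { 'NOT covered, adjust the protocol definition' })
}
```

Run it in an elevated PowerShell session on the TMG server. A NOT covered result means the From value of the protocol must be lowered to the reported first port, or the server's range changed to the expected one with netsh int ipv4 set dynamicport tcp start=49152 num=16384.
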
3.1.1/ DPM Agent Coordinator
The DPM Agent Coordinator protocol allows the DPM management console to install or uninstall the agent on the server.

The following parameters will be used to create the protocol:
  • Protocol type : TCP
  • Direction : Outbound
  • From : 5718
  • To : 5718

No secondary connections are required for this one. 

3.1.2/ DPM Protection Agent
The DPM Protection Agent protocol allows the DPM management console to communicate with the agent installed on the protected server.

The following parameters will be used to create the protocol:
  • Protocol type : TCP
  • Direction : Outbound
  • From : 5719
  • To : 5719 

3.1.3/ DPM Dynamic Ports
The DPM Dynamic Ports protocol covers the dynamically assigned TCP ports on which the DPM RPC interfaces are published; its range must match the dynamic port range of the servers, as checked with netsh above.
The following parameters will be used to create the protocol:
  • Protocol type : TCP
  • Direction : Outbound
  • From : 10000
  • To : 65535 
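
The three protocol definitions above can also be created with the TMG administration COM object model instead of the console, which makes them easy to reproduce on a second array. The following PowerShell is an added example, not code from the article or from Microsoft: the FPC.Root object model calls (GetContainingArray, RuleElements.ProtocolDefinitions, Add, PrimaryConnections.AddTCP, Save) and the FpcTcpDirection value 1 for Outbound are used as recalled from the ISA Server/TMG SDK and should be checked against the SDK documentation before use; the description text and the re-run protection are choices made for the example.

```powershell
# Added example (not from the original article): create the three TCP protocol
# definitions of section 3.1 through the TMG administration COM object model
# (FPC.Root) rather than the GUI.
# Assumptions: run on a TMG 2010 server with array administrator rights; the
# object model calls and the FpcTcpDirection value fpcOutbound = 1 are taken
# from the ISA Server/TMG SDK as recalled here, verify them against the SDK.

$fpcOutbound = 1   # FpcTcpDirection enumeration value for "Outbound"

# Same protocols as the article's table: name, low port, high port
$protocols = @(
    @{ Name = 'DPM Agent Coordinator'; From = 5718;  To = 5718  },
    @{ Name = 'DPM Protection Agent';  From = 5719;  To = 5719  },
    @{ Name = 'DPM Dynamic Ports';     From = 10000; To = 65535 }
)

$fpc   = New-Object -ComObject FPC.Root
$array = $fpc.GetContainingArray()
$defs  = $array.RuleElements.ProtocolDefinitions

foreach ($p in $protocols) {
    # Skip protocols that already exist so the script can be re-run safely.
    $existing = $null
    try { $existing = $defs.Item($p.Name) } catch { }
    if ($existing) {
        '{0}: already defined, skipped' -f $p.Name
        continue
    }

    $def = $defs.Add($p.Name)
    $def.Description = 'Created by script for the DPM access rules'
    # Primary connection only: TCP, outbound, single port or port range.
    # No secondary connections are needed for these protocols.
    $def.PrimaryConnections.AddTCP($fpcOutbound, $p.From, $p.To) | Out-Null
    '{0}: TCP outbound {1}-{2} added' -f $p.Name, $p.From, $p.To
}

# Persist the change to the array configuration.
$array.Save()
```

Once saved, the three protocol objects appear in the Toolbox under Protocols, ready to be referenced by the access rules.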

3.2/ RPC protocols
The RPC protocol used by DPM is also required; its interfaces must be added manually with the wizard. When adding each Universally Unique Identifier (UUID), the option Publish on a Dynamically Assigned Port must be enabled, since these interfaces do not listen on a fixed port but on one assigned at run time within the dynamic range.

The UUIDs to add to our RPC protocol, named DPM UUID, are:

Name         UUID
MSDPM AC 01  {C4EBD674-1457-4B79-BE30-B04735AED9D1}
MSDPM AC 02  {A3B9D3F4-2477-4F95-B2D1-F75B0FDF2A2F}
DPM RA 01    {DA6AA17A-D61C-4E9C-8CEA-DB25DEA52A95}
DPM RA 02    {2DF31D97-33CC-4966-8FF9-F47C90F7D0F3}
MSDPM 01     {27F60283-447F-4D5F-AA84-F45D09BD06EF}
MSDPM 02     {8D8C691A-AFE6-4EA3-A6B2-F3E5EF1BD0CA}
DPM LA 01    {1B308A4A-FFEC-4C85-957C-53AA1DCC696F}
DPM LA 02    {9E6C5356-B180-4295-888C-5A99E505420F}

To create a new RPC protocol, select the Protocols section on the Toolbox tab.

In this article we use the name DPM UUID for it.

In the Select Server window, choose the Add interfaces manually option.

In the Adding Interfaces to the Protocol Definition step, add each UUID with the Publish on a Dynamically Assigned Port option enabled.

Finally, check that the 8 UUIDs are listed before validating the new RPC protocol.
