Windows Server 2019 firewall advanced configuration

Tags: firewall, windows, windows-firewall

I have two Windows 2019 servers, A and B. Both have Active Directory and DNS roles installed. This setup is only used for directory service authentication by some PHP-based web applications on port 636. Here is what I wanted to achieve:
1. Allow all communication on all ports between the DCs A and B.
2. Allow TCP port 636 between the DCs A and B and some specific IP addresses.
3. Drop all other communication on all other ports.

Things work fine when I create the first two rules, but on creating the last rule, the data replication is impacted.
What is the order to achieve the desired results?

Best Answer

Never used Windows firewall. But I hope it has some sort of logging where you can search for dropped connections from/to the other DC. Also, you may check if rule 3 also blocks all outbound connections and you may have to open that in rule 1, too.
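As an added example (not part of the question or the answer above), here is one way to express the three requirements from the question on each DC with the built-in NetSecurity cmdlets, plus the drop logging the answer suggests. Windows Firewall has no rule order: an explicit Block rule always wins over Allow rules, which is why a "block everything else" rule breaks replication; the usual approach is to make Block the profile default instead and let the Allow rules carve out exceptions. All IP addresses below are placeholders.

```powershell
# Run elevated on each DC. Addresses are constructed placeholders; replace them.
$PeerDc       = '192.0.2.11'                                   # the other DC
$LdapsClients = @('192.0.2.11', '198.51.100.20', '198.51.100.21')  # peer DC + PHP web hosts

# Rule 1: all traffic in both directions between the two DCs
# (AD replication uses RPC on dynamic ports, Kerberos, DNS, SMB, ...).
New-NetFirewallRule -DisplayName 'DC-Peer-Inbound'  -Direction Inbound  -Action Allow `
    -Protocol Any -RemoteAddress $PeerDc -Profile Any -Enabled True
New-NetFirewallRule -DisplayName 'DC-Peer-Outbound' -Direction Outbound -Action Allow `
    -Protocol Any -RemoteAddress $PeerDc -Profile Any -Enabled True

# Rule 2: LDAPS (TCP 636) only from the peer DC and the listed application servers.
# The firewall is stateful, so replies to these inbound connections need no outbound rule.
New-NetFirewallRule -DisplayName 'LDAPS-636-Inbound' -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 636 -RemoteAddress $LdapsClients -Profile Any -Enabled True

# Rule 3: do NOT add an explicit block-all rule (it would override rules 1 and 2).
# Make Block the default action for unmatched traffic instead. Note that a Block
# outbound default also stops DNS forwarders, NTP and Windows Update unless you
# add Allow rules for those destinations.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# Log dropped packets so a replication failure can be traced to the blocked flow.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384

# Check: show recent drops involving the peer DC (replication should produce none).
$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
Select-String -Path $log -Pattern 'DROP' |
    Where-Object { $_.Line -match [regex]::Escape($PeerDc) } |
    Select-Object -Last 20
```

Run the check after forcing a replication cycle (for example with `repadmin /syncall`) so that any port still missing from rule 1 shows up in the log.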