Object Group

Active Directory Firewall Ports

Have you ever wondered which firewall ports need to be opened to your AD network if you have a segmented environment? Below is a simple firewall rule that you need to configure to allow all the needed AD ports, as listed:

1. Create the service object-group:

```
ASA# object-group service AD-Ports
 service-object tcp-udp eq 389
 service-object tcp-udp eq domain
 service-object tcp-udp eq 88
 service-object tcp eq 445
```

The entries in the group are:

- 389 (TCP/UDP): LDAP (Lightweight Directory Access Protocol)
- domain (TCP/UDP 53): DNS
- 88 (TCP/UDP): Kerberos
- 445 (TCP): SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc
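As an added example that is not from the original post, here is the same group written in ASA 8.3 and later syntax (where service objects take the `destination` keyword) and applied in an access-list from a client segment to the domain controllers; the object names `DOMAIN-CONTROLLERS`, `CLIENT-NETS` and `INSIDE-IN` and the addresses in them are assumptions.

```cisco
! Added example, not the post's own config; names and addresses are assumed.
! Domain controllers and client subnet (constructed sample addresses)
object-group network DOMAIN-CONTROLLERS
 network-object host 10.0.0.11
 network-object host 10.0.0.12
object-group network CLIENT-NETS
 network-object 10.10.0.0 255.255.0.0
! The AD ports from the post, ASA 8.3+ syntax
object-group service AD-Ports
 description LDAP, DNS, Kerberos and SMB to the domain controllers
 service-object tcp-udp destination eq 389
 service-object tcp-udp destination eq domain
 service-object tcp-udp destination eq 88
 service-object tcp destination eq 445
! Permit only the grouped ports from the clients to the DCs, log everything else
access-list INSIDE-IN extended permit object-group AD-Ports object-group CLIENT-NETS object-group DOMAIN-CONTROLLERS
access-list INSIDE-IN extended deny ip any any log
access-group INSIDE-IN in interface inside
```

The group covers only the ports the post lists; domain-joined clients in a segmented network also need at least the RPC endpoint mapper (TCP 135) and the dynamic RPC port range, so check Microsoft's full AD port list before relying on this rule alone.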