Kerio Connect DMZ instructions HOW TO?
  •  
bruggles

Dear Kerio,

I am looking for detailed information (actual port numbers and direction to create firewall rules) to allow our Kerio Connect Server (currently in our DMZ) to connect to our Active Directory, so that I can set up Active Directory Authentication for our users.

Does Kerio or anyone have any detailed information on how to accomplish this?

TIA
  •  
Neil Whiteside (Kerio)

Hello Bruggles,

These KnowledgeBase articles should help:

http://kb.kerio.com/1153 for the standard ports used by Kerio Connect.

http://kb.kerio.com/1153 for the ports used to connect to AD.

I hope this helps.

Best regards,

Neil.

Knowledge Base: http://kb.kerio.com/.
Looking for technical support? http://www.kerio.com/support
  •  
bruggles

Neil,

Thanks. Specifically, I am interested in using Kerberos to authenticate from Kerio Connect in the DMZ to a Domain Controller located in our LAN.

I assume this would be the most secure way, but I am looking for details. For instance, Kerio Connect (Windows workgroup server) in the DMZ is at 10.10.150.5 and the Domain Controller is in the LAN at IP address 10.10.100.2.

What firewall rule would have to be set up to allow Kerberos-secured communication from the DMZ to the Domain Controller in the LAN?

Also, I am wondering: is this the safest way to protect Active Directory from threats?

TIA
  •  
freakinvibe

Have a look at this:

http://kb.kerio.com/product/kerio-connect/server-configuration/ldap-and-directory-services/what-ports-should-be-open-on-my-active-directory-controller-for-synchronization-with-kerio-connect-mailserver-374.html

So you would need

LDAP - by default TCP port 389
kerberos-sec - by default TCP/UDP port 88
kpassword5 - by default TCP/UDP port 464

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
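
The port list in the post above can be used to audit a proposed DMZ-to-LAN rule set for missing flows and over-broad allows. This is an added example, not code from the thread or from Kerio; the addresses and ports are the ones quoted in the posts, while the rule tuple format and the two sample rule sets are assumptions made for illustration.

```python
import ipaddress

# IPs and ports are those quoted in the thread; the rule tuple format
# (source, destination, protocol, ports) is a made-up, vendor-neutral notation.
KERIO = ipaddress.ip_address("10.10.150.5")   # Kerio Connect in the DMZ
DC = ipaddress.ip_address("10.10.100.2")      # domain controller in the LAN
REQUIRED = {("tcp", 389), ("tcp", 88), ("udp", 88), ("tcp", 464), ("udp", 464)}

def port_range(spec):
    """'88' -> 88 only, '1-1023' -> inclusive range, 'any' -> every port."""
    if spec == "any":
        return range(1, 65536)
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def audit(rules):
    """Return (missing required flows, findings) for DMZ-to-LAN allow rules."""
    covered, findings = set(), []
    for n, (src, dst, proto, ports) in enumerate(rules, 1):
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if KERIO not in src_net or DC not in dst_net:
            continue  # rule does not apply to the Kerio -> DC path
        if src_net.num_addresses > 1:
            findings.append(f"rule {n}: source {src} is wider than the Kerio host")
        if dst_net.num_addresses > 1:
            findings.append(f"rule {n}: destination {dst} is wider than the DC")
        protos = ("tcp", "udp") if proto == "any" else (proto,)
        flows = {(p, port) for p in protos for port in port_range(ports)}
        covered |= flows & REQUIRED
        extra = len(flows - REQUIRED)
        if extra:
            findings.append(f"rule {n}: {extra} port(s) beyond LDAP/Kerberos/kpasswd")
    return sorted(REQUIRED - covered), findings

# Constructed rule sets for illustration.
LOOSE = [("10.10.150.0/24", "10.10.100.2/32", "tcp", "any")]
TIGHT = [(f"{KERIO}/32", f"{DC}/32", proto, str(port)) for proto, port in sorted(REQUIRED)]

if __name__ == "__main__":
    for name, rules in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        missing, findings = audit(rules)
        print(name, "missing:", missing, "findings:", findings)
```

The loose rule set is reported both for what it leaves out (the UDP Kerberos flows) and for what it lets through (the whole DMZ subnet and every other TCP port), while the tight one passes with no findings.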
  •  
bruggles

Assuming I set up a firewall rule from the Kerio Connect IP address to the internal Domain Controller, would this be secure?

Do I need both LDAP and Kerberos?

Thank You
  •  
freakinvibe

Yes and yes.

The more fundamental aspect is that you should not have to rely on a user forum if you have to make important security decisions. You must know the security basics before you set up a secure environment; this is independent of Kerio.

When your boss trusts you to build a secure environment, you should first learn about network security before you set up production servers and firewalls. Your posts and questions sound like you don't have much experience in that area.

No offence, just don't put your company at risk. Hire a security consultant to design your network security.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch