
Best practice for Microsoft RPC dynamic ports

Hi community,

I am not proficient in configuring a Sophos XG. But on behalf of me and my colleague I am trying to find an answer here.
Our goal is to segment the network and route traffic through the Sophos for more control.
We have configured a zone on the XG with a private IP address range.
We'd like this zone to be able to communicate with another zone on the same XG (another private IP address range).
No NAT required. We have a Microsoft Certificate Authority in one zone and we'd like the clients in the other zone to be able to enroll certificates.
We need the Microsoft RPC Dynamic Ports for this.


What is the best practice to configure this?
Open all required ports both ways? (There must be a better way than to open up TCP 49152-65535?)

Thanks in advance.

Kind regards,
Martin Nevels


