How can I make DC-DC Communication overcome Firewall Protection?

Asked By Connor vargas 0 points N/A Posted on - 01/20/2012

Our organization desires to combine our active directory forest islands into one active directory forest with a root domain. The root domains will be maximum two. Apart from two or three forests that are used in offsite replication for DR purpose, the forests are separated by firewalls and do not communicate.

The cause of our problem is that our current setup is such that a lower security area cannot start communication with a higher security one. A two way communication is only possible when initiated by a DC in high security area. Is there a way of providing security that allows DC to DC communication two break through firewall? Help us.

• Status: Open
• Question Views: 1035
• Answer Count: 1
• Vote Up 0 Vote Down

• Answer Accepted: No
• Question Category: Network Security

Answered By Akol ben 0 points N/A #109267

How can I make DC-DC Communication overcome Firewall Protection?

The possible solution is to place the DC's on the lower zone in the category of DMZ. And try to have a VPN server and place it on the lower domain and ensure that the DC's in the higher domain could connect to it. For example, assuming that the higher level DC's are the VPN clients, you can utilize the encrypted transport to comply with the IDS/IPS requirements. When the DC's on higher level connects then it will be possible to setup and your AD will work normally.

Hope you get the idea.

About Akol ben

Questions
1

Answers
9

Best Answers
1

• Vote Up 0 Vote Down

• Posted on - 01/20/2012
• Question Category: Network Security