How can I make DC-DC Communication overcome Firewall Protection?


Our organization desires to combine our Active Directory forest islands into one Active Directory forest with a root domain. There will be at most two root domains. Apart from two or three forests that are used in offsite replication for DR purposes, the forests are separated by firewalls and do not communicate.

The cause of our problem is that, in our current setup, a lower security area cannot start communication with a higher security one. Two-way communication is only possible when initiated by a DC in the high security area. Is there a way of providing security that allows DC-to-DC communication to break through the firewall? Help us.

Answered By 0 points N/A #109267


A possible solution is to place the DCs in the lower zone in the DMZ category. Then try to set up a VPN server, place it in the lower domain, and ensure that the DCs in the higher domain can connect to it. For example, assuming that the higher-level DCs are the VPN clients, you can utilize the encrypted transport to comply with the IDS/IPS requirements. When the DCs on the higher level connect, it will be possible to set this up, and your AD will work normally.

Hope you get the idea.
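The direction rule from the question (the lower zone never initiates towards the higher zone) and the VPN layout from the answer can be checked against a firewall rule export. The sketch below is an added example, not part of the original question or answer; the zone names, rule names and service labels are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed model: zone names, rule names and service labels are assumptions.
ZONE_RANK = {"low": 0, "high": 1}

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str   # zone that initiates the connection
    dst_zone: str
    service: str
    action: str     # "allow" or "deny"

def audit(rules, tunnel_service="vpn"):
    """Check a rule set against the policy described in the thread."""
    report = {"violations": [], "outside_tunnel": [], "tunnel_ok": False}
    for r in rules:
        if r.action != "allow":
            continue
        src, dst = ZONE_RANK[r.src_zone], ZONE_RANK[r.dst_zone]
        if src < dst:
            # Lower zone initiating to a higher zone breaks the stated policy.
            report["violations"].append(r.name)
        elif src > dst and r.service == tunnel_service:
            # High-zone DC dialing the VPN server placed in the low zone.
            report["tunnel_ok"] = True
        elif src > dst:
            # Permitted direction, but not carried over the encrypted transport.
            report["outside_tunnel"].append(r.name)
    return report

# Constructed sample rule export.
SAMPLE_RULES = [
    Rule("high-dc-to-vpn", "high", "low", "vpn", "allow"),
    Rule("low-dc-ldap-to-high", "low", "high", "ldap", "allow"),
    Rule("high-dc-rpc-direct", "high", "low", "rpc", "allow"),
    Rule("default-deny-up", "low", "high", "any", "deny"),
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_RULES).items():
        print(f"{key}: {value}")
```

Any rule listed under `violations` lets the lower zone open a connection upwards, and rules under `outside_tunnel` carry DC traffic that bypasses the encrypted transport.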
