Posted on 08/25/2012
I'm trying to tidy up my firewall rule base. One of my Exchange servers is talking to a DC using ports that I would expect to see in inter-DC replication. An example for this case is given below.
Example: Port 135, nbdatagram, nbname, 49155, domain-udp, and others
Without spreading around the DCs in the estate, all the traffic goes to one particular DC.
My exchange server is not a DC.
My question is, why is this happening?
Please give me your solutions for this.
I’m trying to tidy up my firewall rule base
Here are some points that will help you tidy up your firewall rule base:
You will need to get rid of fully shadowed rules, which are effectively useless. If you have SecureTrack, these will be detected by the Rule and Object Usage report.
You will need to delete expired and unused rules and objects. All of these can be detected using the Rule and Object Usage and the Expired Rules reports.
Remove unused connections – specific source/destination/service routes that are no longer in use. You can detect them by using the Automatic Policy Generator to analyze traffic patterns.
Enforce object naming conventions, which will make the rule base a lot easier to understand. For instance, you can use a consistent format such as host_name_IP for hosts.
Hope this helps.
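The first point above, detecting fully shadowed rules, can be checked without a commercial tool. The following is an added example (not from the original posts or from SecureTrack): it walks a small constructed rule base in top-down order and reports every rule whose source, destination, protocol and port range are entirely covered by an earlier rule, so it can never match regardless of its action. The Rule class and the sample rules are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule shape: IPv4 CIDRs, one protocol, one dst port range."""
    name: str
    src: str            # source CIDR
    dst: str            # destination CIDR
    proto: str          # "tcp", "udp" or "any"
    ports: tuple        # (low, high) destination port range, inclusive
    action: str         # "accept" or "drop"


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    src_ok = ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
    dst_ok = ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    port_ok = outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
    return src_ok and dst_ok and proto_ok and port_ok


def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule fully covers them.

    The earlier rule's action does not matter: a first-match firewall stops at it,
    so the later rule is dead whether it would have accepted or dropped.
    """
    return [
        rule.name
        for i, rule in enumerate(rules)
        if any(covers(earlier, rule) for earlier in rules[:i])
    ]


# Constructed sample rule base, evaluated top-down, first match wins.
SAMPLE_RULES = [
    Rule("R1", "10.0.0.0/8",    "10.0.1.10/32", "tcp", (135, 135),     "accept"),
    Rule("R2", "10.0.5.0/24",   "10.0.1.10/32", "tcp", (135, 135),     "accept"),  # covered by R1
    Rule("R3", "10.0.5.20/32",  "10.0.1.10/32", "tcp", (49152, 65535), "accept"),
    Rule("R4", "0.0.0.0/0",     "0.0.0.0/0",    "any", (0, 65535),     "drop"),    # clean-up rule
    Rule("R5", "10.0.5.20/32",  "10.0.1.10/32", "udp", (53, 53),       "accept"),  # below clean-up
]

if __name__ == "__main__":
    print("shadowed:", shadowed_rules(SAMPLE_RULES))  # ['R2', 'R5']
```

Rules that are shadowed by an earlier rule with the same action are merely redundant; rules shadowed by an earlier rule with the opposite action (R5 here) are the ones most worth reviewing, since someone probably meant them to work.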