Recently I had a project where a SharePoint Server had to be placed in the DMZ, so different ports had to be opened between the DMZ and the other LANs of the network. If you think any other ports are needed, let me know!

For SharePoint Server

  • From LAN to DMZ:

TCP 80 (HTTP)

TCP 443 (HTTPS)

  • From DMZ to LAN:

TCP 25 (SMTP)

TCP 1433 (SQL default)

UDP 1434 (SQL default)

TCP 53 (DNS is required)

UDP 53 (DNS is required)

For RODC

  • From LAN to DMZ:

TCP 135 (EPM)

TCP 53248 (FrsRpc)

TCP 389 (LDAP)

  • From DMZ to LAN:

TCP 49152-65535 (LSASS)

TCP 57344 (DRSUAPI, LsaRpc, NetLogonR)

TCP 53248 (FrsRpc)

TCP 135 (EPM)

TCP 389 (LDAP)

TCP 3268 (GC, LDAP)

TCP 445 (DFS, LsaRpc, NbtSS, NetLogonR, SamR, SMB, SrvSvc)

TCP 53 (DNS)

TCP 88 (Kerberos)

UDP 123 (NTP)

UDP 389 (C-LDAP)

UDP 53 (DNS)

TCP 5722 (DFS-R)

TCP and UDP 464 (Kerberos Change/Set Password)

Cheers!
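
An added example, not part of the original post: a Python check that compares a firewall rule export against the port lists above and reports rules that open more than the list allows, plus listed ports that no rule covers. The one-line rule format (`direction proto port[-port]`), the function names and the sample rules are assumptions constructed for illustration.

```python
# Allow-list transcribed from the port lists above: (protocol, first, last).
# TCP 57344 and TCP 53248 (DMZ to LAN) already fall inside 49152-65535.
ALLOWED = {
    "LAN->DMZ": [("tcp", 80, 80), ("tcp", 443, 443), ("tcp", 135, 135),
                 ("tcp", 389, 389), ("tcp", 53248, 53248)],
    "DMZ->LAN": [("tcp", 25, 25), ("tcp", 53, 53), ("tcp", 88, 88),
                 ("tcp", 135, 135), ("tcp", 389, 389), ("tcp", 445, 445),
                 ("tcp", 464, 464), ("tcp", 1433, 1433), ("tcp", 3268, 3268),
                 ("tcp", 5722, 5722), ("tcp", 49152, 65535), ("udp", 53, 53),
                 ("udp", 123, 123), ("udp", 389, 389), ("udp", 464, 464),
                 ("udp", 1434, 1434)],
}

def parse_rule(line):
    """Parse 'DMZ->LAN tcp 49152-65535' into (direction, proto, first, last)."""
    direction, proto, ports = line.split()
    first, _, last = ports.partition("-")
    first, last = int(first), int(last or first)
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"bad port range in rule: {line!r}")
    return direction, proto.lower(), first, last

def uncovered(direction, proto, first, last):
    """Return the sub-ranges of first..last that the allow-list does not permit."""
    gaps, cursor = [], first
    for _, lo, hi in sorted(r for r in ALLOWED.get(direction, []) if r[0] == proto):
        if hi < cursor:
            continue
        if lo > last:
            break
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = hi + 1
    if cursor <= last:
        gaps.append((cursor, last))
    return gaps

def audit(rule_lines):
    """Return (excess, missing): rules wider than the list, list entries no rule covers."""
    rules = [parse_rule(line) for line in rule_lines]
    excess = [(r, g) for r in rules if (g := uncovered(*r))]
    missing = [(d, p, lo, hi) for d, entries in ALLOWED.items() for p, lo, hi in entries
               if not any(r[0] == d and r[1] == p and r[2] <= lo and hi <= r[3] for r in rules)]
    return excess, missing

# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = ["LAN->DMZ tcp 443", "DMZ->LAN tcp 1433", "DMZ->LAN tcp 1024-65535",
                "DMZ->LAN tcp 3389", "DMZ->LAN udp 53"]
```

Calling `audit(SAMPLE_RULES)` flags the `1024-65535` and `3389` rules as wider than the list and returns the listed ports, such as TCP 88, that the sample set never opens.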

2 responses to “SharePoint + RODC in DMZ Ports”

  1. Hi, is this also the case for SP2016?

    1. Hey Hajaji, I haven’t tried it in SharePoint 2016, but it will probably be the same configuration. I doubt that MS has changed the port configuration for SharePoint.
