FOREFRONT TMG: Puertos necesarios para configurar Forefront TMG 2010

En función de la configuración que hayamos escogido para nuestros servidores forefront, tendremos que abrir ciertos puertos:

• EMS to TMG

TCP 135, 49152-65535* – RPC
TCP 3847 – MS Firewall Control

• TMG to EMS

TCP 445 – CIFS
UDP 445 – CIFS
TCP 2171 – MS Firewall Storage (domain-joined only)
TCP 2172 – MS Firewall Storage Secure (workgroup mode only)
TCP 3847 – MS Firewall Control

• TMG to DCs ( en el caso de que las máquinas TMG estén en Dominio )

TCP 88 – Kerberos

UDP 88 – Kerberos (send receive)
UDP 123 – NTP
TCP 135, 49152-65535* – RPC
TCP 389 – LDAP
UDP 389 – LDAP
TCP 445 – CIFS
UDP 445 – CIFS
TCP 3268 – LDAP Global Catalog

• TMG to DCs ( en el caso de que las máquinas TMG NO estén en Dominio )

TCP 389 – LDAP (required only for pre-authentication in reverse proxy scenarios)
TCP 636 – LDAPS (required only for pre-authentication in reverse proxy scenarios)

• TMG to DNS

TCP 53 – DNS (send receive)
UDP 53 – DNS

• Primary EMS to Replica EMS

TCP 135, 49152-65535* – RPC
TCP 2173 – MS Firewall Storage Replication

• Replica EMS to Primary EMS

TCP 135, 49152-65535* – RPC
TCP 445 – CIFS
UDP 445 – CIFS
TCP 2171 – MS Firewall Storage – domain-joined only
TCP 2172 – MS Firewall Storage (Secure) – workgroup mode only
TCP 3847 – MS Firewall Control

• Web Proxy Client to TMG

TCP 80 – HTTP (WPAD only)
TCP 8080 – HTTP Proxy

• Firewall Client to TMG

TCP 80 – HTTP (WPAD only)
TCP 1745 – Firewall Client Control Channel
UDP 1745 – Firewall Client Control Channel
TCP 1024-65535 – All high ports**
UDP 1024-65535 – All high ports**

• Management Workstation to TMG

TCP 135, 49152-65535* – RPC
TCP 2171 – MS Firewall Storage – Domain mode only
TCP 2172 – MS Firewall Storage (Secure) – Workgroup mode only
TCP 3847 – MS Firewall Control

Si no se desea tener el rango entero RPC, se puede fijar el puerto para que no sea un problema de seguridad: http://support.microsoft.com/kb/154596

(Info extraída de: http://tmgblog.richardhicks.com/tag/port/ )