Hi,
I'm hoping someone else has already done this and can provide a little help. I am placing an RODC in my DMZ and am setting up policies between the DMZ and Trust and vice versa.
Referring to this URL: http://technet.microsoft.com/en-us/library/dd728028%28WS.10%29.aspx I would need the following:
Trust to DMZ (RWDC to RODC): junos-ldap, junos-ms-rpc-epm, custom-frs (tcp 53248) or whatever port I pin FRS to.
DMZ to Trust (RODC to RWDC): junos-dns-tcp, junos-dns-udp, junos-ldap, junos-ms-rpc-epm, junos-ntp, custom-lsass (tcp 49152-65535)
For everything else it looks like they would be custom applications, or have I missed anything?
TCP 3268: GC, LDAP
TCP 445: DFS, LsaRpc, NbtSS, NetLogonR, SamR, SMB, SrvSvc
TCP 88: Kerberos
UDP 123: NTP
UDP 389: C-LDAP
TCP 5722: DFS-R
TCP and UDP 464: Kerberos Change/Set Password
Also what else did you add for the communication? I also disabled the msrpc and dns alg.
Thanks