Hello,
I am looking for some design recommendations for my test environment that I would like to apply to one production environment (I already posted about this topic but I still have some questions).
I am working with 2 domains (2 forests) with no trust relationships.
Domain A: internal
Domain B: DMZ
From a firewall point of view, only the ports from the internal to the DMZ will be opened.
From the internet to the DMZ, only HTTPS will be opened.
Currently, I only manage the clients connected to the internal domain.
I would like to deploy a new management point in the DMZ that will allow me to manage my DMZ clients (servers) and my Internet clients (laptops).
Should I use 2 management points? Is it supported?
- one for the DMZ clients
- one dedicated to my internet clients
If I use only one MP, should I allow Intranet and Internet clients?
Should I allow my DMZ clients to communicate with the internal management point (port 80) and only use the MP in the DMZ for my Internet clients?
The only documents I can find on TechNet require too many ports to be opened in the firewall (from DMZ to internal) and can't be applied to my environment.
Thanks.
- Edited by LiveBTW83 Wednesday, February 04, 2015 5:03 AM