

Design DMZ and IBCM



I am looking for some design recommendations for my test environment that I would like to apply to one production environment.
I am working with 2 domains (2 forests) with no trust relationships.
Domain A : internal
Domain B : DMZ

From a firewall point of view, only the ports from the internal to the DMZ will be opened.
From the internet to the DMZ, only HTTPS will be opened.
Currently, I only manage the clients connected to the internal domain.
I would like to deploy a new management point in the DMZ that will allow me to manage my DMZ clients and my Internet clients.
Should I use 2 management points:
- one for the DMZ clients
- one dedicated to my internet clients

If I use only one MP, should I allow Intranet and Internet clients?

The only documents I can find on TechNet require too many ports to be opened in the firewall (from DMZ to internal) and can't be applied to my environment.


