Domains and Forests at UW
Understanding the implications of a Firewall
Implementing a firewall in front of Windows domain controllers can cause a lot more problems than it solves. This is especially true in a shared forest, where you'd need to open up most of the Microsoft ports in order to allow basic forest communication to function. An excellent Microsoft whitepaper addresses this topic: "Active Directory in Networks Segmented by Firewalls".
An alternative is to put Windows Domain Controllers in the UW Project 172 limited access network.
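To make the port requirement concrete, the following added example (not part of the original page or of UW's tooling) audits a firewall allow-list against the ports a domain controller commonly needs and reports which services would be blocked. The port list comes from Microsoft's published AD DS port requirements rather than from this page, it assumes the default dynamic RPC range of Windows Server 2008 and later, and the sample rule set is constructed.

```python
# Added example. Port list: Microsoft's published AD DS port requirements
# (assumption: default dynamic RPC range of Windows Server 2008 and later).
AD_PORTS = [  # (service, protocol, low port, high port)
    ("DNS", "tcp", 53, 53), ("DNS", "udp", 53, 53),
    ("Kerberos", "tcp", 88, 88), ("Kerberos", "udp", 88, 88),
    ("W32Time", "udp", 123, 123),
    ("RPC endpoint mapper", "tcp", 135, 135),
    ("LDAP", "tcp", 389, 389), ("LDAP", "udp", 389, 389),
    ("SMB", "tcp", 445, 445),
    ("Kerberos password change", "tcp", 464, 464),
    ("Kerberos password change", "udp", 464, 464),
    ("LDAPS", "tcp", 636, 636),
    ("Global Catalog", "tcp", 3268, 3269),
    ("RPC dynamic", "tcp", 49152, 65535),
]

# Constructed sample: an allow-list that admits only the "obvious" directory
# ports plus a slice of the dynamic RPC range.
NARROW_RULES = [("tcp", 53, 53), ("udp", 53, 53), ("tcp", 88, 88), ("udp", 88, 88),
                ("tcp", 135, 135), ("tcp", 389, 389), ("tcp", 636, 636),
                ("tcp", 49152, 50000)]

def uncovered(lo, hi, allowed):
    """Return the sub-ranges of [lo, hi] that no allowed (low, high) range covers."""
    gaps, cur = [], lo
    for a_lo, a_hi in sorted(allowed):
        if a_hi < cur or a_lo > hi:
            continue                      # rule does not touch the remaining range
        if a_lo > cur:
            gaps.append((cur, a_lo - 1))  # hole before this rule starts
        cur = max(cur, a_hi + 1)
    if cur <= hi:
        gaps.append((cur, hi))
    return gaps

def audit(allow_rules):
    """allow_rules: list of (protocol, low, high). Returns {(service, protocol): blocked ranges}."""
    blocked = {}
    for service, proto, lo, hi in AD_PORTS:
        allowed = [(a, b) for p, a, b in allow_rules if p == proto]
        gaps = uncovered(lo, hi, allowed)
        if gaps:
            blocked[(service, proto)] = gaps
    return blocked

if __name__ == "__main__":
    for (service, proto), gaps in audit(NARROW_RULES).items():
        print(f"{service:26} {proto}  blocked: {gaps}")
```

With the constructed rule set, SMB, the Global Catalog, Kerberos password change and most of the dynamic RPC range remain blocked, which is why a narrow allow-list in front of a domain controller tends to break replication and logon traffic.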
