Introduction
In most situations you will have a VPN or a private link carrying DC to DC traffic across the internet. In fact you need one of the two, because Active Directory replication does not work through NAT at all: the RPC ports are negotiated dynamically through the endpoint mapper, and domain controllers find each other through the real IP addresses they register in DNS, so translated addresses break both. In the rarer case where two DCs sit behind non-NATting internal firewalls on different networks, this is what you would need to allow.
Required Ports
ICMP type 8 and type 0 - echo request and echo reply (ping, also used for slow-link detection)
TCP/UDP 389 - LDAP
TCP 636 - LDAP over SSL
TCP 3268 - Global Catalog
TCP 3269 - Global Catalog over SSL
TCP/UDP 88 - Kerberos
TCP/UDP 53 - DNS
TCP/UDP 445 - SMB (SYSVOL, Netlogon)
TCP 25 - SMTP (only if you use SMTP-based site links)
TCP/UDP 135 - RPC endpoint mapper
TCP/UDP 49152 - 65535 - dynamic RPC ports (replication, Netlogon and similar; 1025 - 5000 on Windows Server 2003 and earlier)
TCP 5722 - DFS Replication (SYSVOL)
TCP/UDP 464 - Kerberos password change
TCP 9389 - Active Directory Web Services
TCP 139 - NetBIOS session service
UDP 123 - NTP time synchronisation
UDP 137 - NetBIOS name service
UDP 138 - NetBIOS datagram service
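As an added example (not part of the original post, and not a Microsoft tool), the following PowerShell snippet walks the TCP ports from the list above and reports which ones a domain controller can reach on its replication partner. The partner name DC2.corp.example is a placeholder for your own DC. Test-NetConnection only exercises TCP, so the UDP entries (53, 88, 123, 137, 138, 389, 464) are listed for follow-up with PortQry, and ICMP is checked with an ordinary ping. Run it from each DC towards the other, because replication is initiated from both sides.

```powershell
# Added example, not from the original post. DC2.corp.example is a hypothetical
# partner DC; replace it with the DC on the far side of the firewall.
$TargetDC = 'DC2.corp.example'

# TCP ports from the required-ports list. The dynamic RPC range (49152-65535)
# is deliberately not probed here: the port actually in use is only known after
# asking the endpoint mapper on TCP 135, which PortQry can do for you.
$TcpPorts = @{
    25   = 'SMTP (only for SMTP-based site links)'
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    139  = 'NetBIOS session'
    389  = 'LDAP'
    445  = 'SMB (SYSVOL, Netlogon)'
    464  = 'Kerberos password change'
    636  = 'LDAP over SSL'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog over SSL'
    5722 = 'DFS Replication'
    9389 = 'AD Web Services'
}

# ICMP echo request/reply (type 8 / type 0).
$pingOk = Test-Connection -ComputerName $TargetDC -Count 2 -Quiet
"ICMP echo to $TargetDC : $pingOk"

# One TCP connect per port; -InformationLevel Quiet returns a plain $true/$false
# and -WarningAction hides the "TCP connect failed" warning for closed ports.
$results = foreach ($port in ($TcpPorts.Keys | Sort-Object)) {
    $open = Test-NetConnection -ComputerName $TargetDC -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port    = $port
        Service = $TcpPorts[$port]
        Open    = $open
    }
}
$results | Format-Table -AutoSize

# Anything still closed is what the firewall team needs to fix.
$blocked = $results | Where-Object { -not $_.Open }
if ($blocked) {
    "Blocked TCP ports: " + (($blocked.Port | Sort-Object) -join ', ')
}

# UDP is not covered by Test-NetConnection; check these with PortQry:
"UDP ports still to verify with PortQry: 53, 88, 123, 137, 138, 389, 464"
```

A port showing as open only proves the firewall passes the connection; it does not prove the service behind it is healthy, so follow up with repadmin /showrepl once the ports are confirmed.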
I know that is a lot of ports, especially the large dynamic range. The reason is that Windows RPC services, Active Directory replication included, do not listen on a fixed port. A client first connects to the RPC endpoint mapper on TCP 135, which answers with whichever dynamic port the service was assigned when it started, so the whole range has to be open unless you pin the services to static ports yourself (see the note on the dynamic range below). You can download the handy PortQry tool from Microsoft to find out which ports are actually in use; it can query the endpoint mapper directly:
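If opening 49152-65535 between two networks is not acceptable, the usual fix is to pin the two RPC services that matter for a DC (NTDS replication and Netlogon) to fixed ports and open only those. The following PowerShell snippet is an added example, not part of the original post; it shows the dynamic range the DC currently hands out, sets the two well-known registry values Microsoft documents for static ports, and verifies the listeners after a reboot. The port numbers 38901 and 38902 are arbitrary choices for the example; use any free ports in your environment. TCP 135 must stay open either way, because partners still ask the endpoint mapper which port to use.

```powershell
# Added example, not from the original post. 38901/38902 are arbitrary example
# ports; choose free ones for your environment. Run elevated on the DC.
$NtdsPort     = 38901
$NetlogonPort = 38902

# 1. What dynamic range does this host hand out today?
#    (Windows Server 2008 and later default to 49152 with 16384 ports.)
Get-NetTCPSetting |
    Select-Object SettingName, DynamicPortRangeStartPort, DynamicPortRangeNumberOfPorts |
    Format-Table -AutoSize

# 2. Pin AD replication (NTDS) and Netlogon to fixed ports. Both values are
#    REG_DWORD and are read at service start, so reboot the DC afterwards.
$ntdsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

Set-ItemProperty -Path $ntdsKey     -Name 'TCP/IP Port' -Value $NtdsPort     -Type DWord
Set-ItemProperty -Path $netlogonKey -Name 'DCTcpipPort' -Value $NetlogonPort -Type DWord

# Show what we just wrote so the change is visible in the console log.
Get-ItemProperty -Path $ntdsKey     -Name 'TCP/IP Port'
Get-ItemProperty -Path $netlogonKey -Name 'DCTcpipPort'

# 3. After the reboot: both ports should be listening and owned by lsass.exe,
#    and the firewall rule can shrink from the whole range to these two ports
#    plus TCP 135 for the endpoint mapper.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in @($NtdsPort, $NetlogonPort) } |
    Select-Object LocalAddress, LocalPort,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } }
```

Do this on every DC that replicates across the firewall, and keep the chosen ports documented: a DC that is rebuilt without the registry values silently goes back to the dynamic range and replication to that partner stops.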
PortQryUI – GUI – Version
http://www.microsoft.com/download/en/details.aspx?id=24009
or Google it, of course. Thanks to Ace Fekay for his post: