The following best practices will help maximize the success of identity firewall rules.
IDFW supports the following protocols:
- Single-user (VDI or non-RDSH server) use case: TCP, UDP, ICMP
- Multi-user (RDSH) use case: TCP, UDP
A single ID-based group can be used as the source only within a distributed firewall rule. If IP and ID-based groups are needed at the source, create two separate firewall rules.
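The protocol list and the source-group rule above can be checked before rules are published. The following is an added example, not code from the product or its documentation: the rule dictionaries, the `use_case` field and all group names are a simplified, hypothetical representation, not the product's API schema.

```python
from copy import deepcopy

# Protocols the page lists for each IDFW use case.
SUPPORTED = {
    "single_user": {"TCP", "UDP", "ICMP"},  # VDI or non-RDSH server
    "multi_user": {"TCP", "UDP"},           # RDSH
}

def lint_rule(rule, group_kind):
    """Return findings for one rule; group_kind maps group name -> 'id' or 'ip'."""
    findings = []
    kinds = {group_kind[g] for g in rule["sources"]}
    if kinds == {"id", "ip"}:
        findings.append("IP and ID-based groups mixed at source")
    if "id" in kinds:  # protocol limits apply only to identity-based rules
        bad = sorted(set(rule["protocols"]) - SUPPORTED[rule["use_case"]])
        if bad:
            findings.append(f"{rule['use_case']} does not support {', '.join(bad)}")
    return findings

def split_mixed_sources(rule, group_kind):
    """Split a rule with mixed IP/ID sources into one rule per group kind."""
    by_kind = {"id": [], "ip": []}
    for g in rule["sources"]:
        by_kind[group_kind[g]].append(g)
    if not (by_kind["id"] and by_kind["ip"]):
        return [rule]
    parts = []
    for kind in ("id", "ip"):
        part = deepcopy(rule)
        part["name"] = f"{rule['name']}-{kind}"
        part["sources"] = by_kind[kind]
        parts.append(part)
    return parts

# Constructed sample data (names are made up for this example).
GROUP_KIND = {"AD-Finance-Users": "id", "Jump-Hosts": "ip", "App-Servers": "ip"}
RULE = {
    "name": "finance-to-app",
    "use_case": "multi_user",
    "sources": ["AD-Finance-Users", "Jump-Hosts"],
    "destinations": ["App-Servers"],
    "protocols": ["TCP", "ICMP"],
}

if __name__ == "__main__":
    print(lint_rule(RULE, GROUP_KIND))
    for part in split_mixed_sources(RULE, GROUP_KIND):
        print(part["name"], part["sources"], lint_rule(part, GROUP_KIND))
```

After the split, the ID-based half still reports the ICMP finding because the sample rule is marked as an RDSH (multi-user) rule, while the IP-based half passes.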
Any change on a domain, including a domain name change, will trigger a full sync with Active Directory. Because a full sync can take a long time, we recommend syncing during off-peak or non-business hours.
For local domain controllers, the default LDAP port 389 and LDAPS port 636 are used for the Active Directory sync and should not be changed from the default values.