The following best practices will help maximize the success of identity firewall rules.
- IDFW supports the following protocols:
  - Single user (VDI, or non-RDSH server) use case: TCP, UDP, ICMP
  - Multi-user (RDSH) use case: TCP, UDP
- A single ID-based group can be used as the source only within a distributed firewall rule. If IP and ID-based groups are needed at the source, create two separate firewall rules.
- Any change on a domain, including a domain name change, will trigger a full sync with Active Directory. Because a full sync can take a long time, we recommend syncing during off-peak or non-business hours.
- For local domain controllers, the default LDAP port 389 and LDAPS port 636 are used for the Active Directory sync, and should not be edited from the default values.