The following best practices will help maximize the success of identity firewall rules.

  • IDFW supports the following protocols:
    • Single user (VDI, or Non-RDSH Server) use case support - TCP, UDP, ICMP
    • Multi-User (RDSH) use case support - TCP, UDP
    • HTTP
    • HTTPS
    • SMB/Server Message Block/SMB Server
    • SSH
    • RDP/Terminal Services
    • TELNET
    • FTP
    • SMTP/SMTP_TLS
    • IMAP/IMAP_SSL
    • POP3/POP3_SSL
    • LDAP/LDAPS
  • Any change on a domain, including a domain name change, will trigger a full sync with Active Directory. Because a full sync can take a long time, we recommend syncing during off-peak or non-business hours.

  • For local domain controllers, Active Directory sync uses the default LDAP port 389 and LDAPS port 636. Do not change these ports from their default values.