The following best practices will help maximize the success of identity firewall rules.

• IDFW supports the following protocols, note that when IDFW is configured on a Remote Desktop setup, the SMB protocol is not supported.:

  • Single user (VDI, or Non-RDSH Server) use case support - TCP, UDP
    Note: ICMP filtering can be enabled with VMware Tools 12.x. For more information, see KB articles 79185 and 88273.
  • Multi-User (RDSH) use case support - TCP, UDP

• Any change on a domain, including a domain name change, will trigger a full sync with Active Directory. Because a full sync can take a long time, we recommend syncing during off-peak or non-business hours.

• For local domain controllers, the default LDAP port 389 and LDAPS port 636 are used for the Active Directory sync, and should not be edited from the default values.