Merge pull request #8 from qbeyond/fix/add-missing-ad-firewall-ports

add missing ad rules
qbeyond · Apr 30, 2024 · 129f712 · 129f712
2 parents 2671d4a + c518ced
commit 129f712
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,11 @@ and this module adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [2.0.1] - 2024-04-29
+
+### Fixed
+- add missing RPC randomly allocated high TCP ports for AD (`49152 – 65535`) between domain controllers.
+
 ## [2.0.0] - 2024-04-09
 
 ### Added

diff --git a/main.tf b/main.tf
@@ -60,7 +60,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "this" {
         destination_ip_groups = var.ipg_onpremise_dc_id != null ? [var.ipg_azure_dc_id, var.ipg_onpremise_dc_id] : [var.ipg_azure_dc_id]
         destination_ports = [
           "53", "88", "123", "135", "137", "138", "139",
-          "389", "445", "464", "636", "3268", "3269", "9389"
+          "389", "445", "464", "636", "3268", "3269", "9389", "49152-65535"
         ]
       }
     }
@@ -75,7 +75,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "this" {
 
       rule {
         name                  = "allow-dc-to-dnsresolver-inbound"
-        protocols             = ["UDP","TCP"]
+        protocols             = ["UDP", "TCP"]
         source_ip_groups      = var.ipg_onpremise_dc_id != null ? [var.ipg_azure_dc_id, var.ipg_onpremise_dc_id] : [var.ipg_azure_dc_id]
         destination_ip_groups = [var.ipg_dnsprivateresolver_id]
         destination_ports     = ["53"]