https://community.checkpoint.com/t5/Mobile/Microsoft-DirectAccess-Ports/m-p/5243#M40 <HTML><HEAD></HEAD><BODY><P>A quick Google search shows the following:</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P style="color: #2a2a2a; padding-bottom: 15px;">When using additional firewalls in your deployment, apply the following Internet-facing firewall exceptions for Remote Access traffic when the DirectAccess server is on the IPv4 Internet:</P><UL class="" style="color: #000000;"><LI><P style="color: #2a2a2a; padding-bottom: 15px;">Teredo traffic—User Datagram Protocol (UDP) destination port 3544 inbound, and UDP source port 3544 outbound.</P></LI><LI><P style="color: #2a2a2a; padding-bottom: 15px;">6to4 traffic—IP Protocol 41 inbound and outbound.</P></LI><LI><P style="color: #2a2a2a; padding-bottom: 15px;">IP-HTTPS—Transmission Control Protocol (TCP) destination port 443, and TCP source port 443 outbound. When the DirectAccess server has a single network adapter, and the network location server is on the DirectAccess server, then TCP port 62000 is also required.</P></LI></UL></BLOCKQUOTE><P>Source:&nbsp;<A class="link-titled" href="https://technet.microsoft.com/en-us/library/jj134204(v=ws.11).aspx" title="https://technet.microsoft.com/en-us/library/jj134204(v=ws.11).aspx">Step 1: Configure the DirectAccess Infrastructure3</A>&nbsp;</P></BODY></HTML> Mon, 14 Aug 2017 17:45:18 GMT PhoneBoy 2017-08-14T17:45:18Z https://community.checkpoint.com/t5/Mobile/Microsoft-DirectAccess-Ports/m-p/5242#M39 <HTML><HEAD></HEAD><BODY><P>Wondering if anyone has details on how they get MS DirectAccess to work through a Checkpoint Firewall.</P><P></P><P>My set up is as follows:</P><P>1) Server in DMZ that is the DA Server.</P><P>2) NAT setup to public IP.</P><P></P><P>I am having issues getting it to pass the&nbsp;checks for installation - specifically Active Directory Authentication. &nbsp;From what I can tell, everything appears to be in place.</P><P></P><P>Let me know what ports you opened, etc.</P></BODY></HTML> Mon, 14 Aug 2017 16:41:05 GMT https://community.checkpoint.com/t5/Mobile/Microsoft-DirectAccess-Ports/m-p/5242#M39 Adam_Hutcheson 2017-08-14T16:41:05Z https://community.checkpoint.com/t5/Mobile/Microsoft-DirectAccess-Ports/m-p/5243#M40 <HTML><HEAD></HEAD><BODY><P>A quick Google search shows the following:</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P style="color: #2a2a2a; padding-bottom: 15px;">When using additional firewalls in your deployment, apply the following Internet-facing firewall exceptions for Remote Access traffic when the DirectAccess server is on the IPv4 Internet:</P><UL class="" style="color: #000000;"><LI><P style="color: #2a2a2a; padding-bottom: 15px;">Teredo traffic—User Datagram Protocol (UDP) destination port 3544 inbound, and UDP source port 3544 outbound.</P></LI><LI><P style="color: #2a2a2a; padding-bottom: 15px;">6to4 traffic—IP Protocol 41 inbound and outbound.</P></LI><LI><P style="color: #2a2a2a; padding-bottom: 15px;">IP-HTTPS—Transmission Control Protocol (TCP) destination port 443, and TCP source port 443 outbound. When the DirectAccess server has a single network adapter, and the network location server is on the DirectAccess server, then TCP port 62000 is also required.</P></LI></UL></BLOCKQUOTE><P>Source:&nbsp;<A class="link-titled" href="https://technet.microsoft.com/en-us/library/jj134204(v=ws.11).aspx" title="https://technet.microsoft.com/en-us/library/jj134204(v=ws.11).aspx">Step 1: Configure the DirectAccess Infrastructure3</A>&nbsp;</P></BODY></HTML> Mon, 14 Aug 2017 17:45:18 GMT https://community.checkpoint.com/t5/Mobile/Microsoft-DirectAccess-Ports/m-p/5243#M40 PhoneBoy 2017-08-14T17:45:18Z