Did you know that the Windows Firewall will be on by default in future Longhorn Server releases? This has impact to you, when you install the any of the Networking related server roles in your NAP deployments you will have to make sure that the ports necessary for those servers to operate are open on the firewall.
In the case of the Network Policy Server (NPS) the following ports are used to receive requests:
UDP:1645 – Legacy RADIUS Authentication and Authorization
UDP:1646 – Legacy RADIUS Accounting
UDP:1812 – RADIUS Authentication and Authorization
UDP:1813 – RADIUS Accounting
While it needs to make outbound requests using:
TCP:389 – Lightweight Directory Access Protocol (LDAP)
Depending on the RADIUS clients you are communicating with you may only need to enable the “non-Legacy” inbound ports.
We are looking at ways we can have these settings created for you automatically when you install the component as well as dynamically updating them if they change, but in the mean time I suggest that if you’re not already running this way consider doing it; this is a great way to mitigate some of the risks of operating a server.
Tell us what you think about this change.
Ryan M. Hurst
Lead Program Manager
Layer 2 Authentication and Authorization
Windows Enterprise Networking