Need help with DFS share

Hi forum,

Any idea how to rebuild access to Microsoft DFS shares?
Every week we run a script to get out anything changed on the DFS server IP addresses,
but I want it a little bit smarter.

Can I use DNS based rules for this?

At the moment the rule is the following:

        address-group servers {
            address 10.10.20.10
            address 10.10.20.11
            address 10.10.20.12
            address 10.10.20.13
            description "\\myserver\dfsrb\DfsCOM\DIT"
        }

        rule 12 {
            action accept
            description "dfs shares"
            destination {
                group {
                    address-group servers
                    port-group fileshare-ports-tcp
                }
            }
            protocol tcp
        }
        rule 13 {
            action accept
            description "dfs shares"
            destination {
                group {
                    address-group servers
                    port-group fileshare-ports-udp
                }
            }
            protocol udp
        }

        port-group fileshare-ports-tcp {
            description "TCP Ports"
            port 88
            port 389
            port 445
            port 464
            port 636
            port 3268
            port 3269
        }
        port-group fileshare-ports-udp {
            description "UDP Ports"
            port 88
            port 123
            port 389
            port 464
        }



There are domain groups you could use instead on 1.4 or newer.


Yes, this was the correct hint, but you need all your namespace servers and the file server that is used for the link inside the DFS share.

You have to ask your customer which file server is used for his DFS share.
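
Added example, not taken from any post in this thread: the two rules above rewritten to match on a domain group instead of the static address group, assuming the 1.4-or-newer syntax mentioned in the reply. The group name `dfs-servers` and all host names are constructed placeholders; the group has to list every namespace server plus the file server behind the DFS link, as the last post points out.

```text
/* Constructed example: group name and host names are placeholders. */
/* dfsn01/dfsn02 stand for the namespace servers, fs01 for the      */
/* file server that the link inside the DFS share points to.        */
domain-group dfs-servers {
    address dfsn01.example.com
    address dfsn02.example.com
    address fs01.example.com
}

rule 12 {
    action accept
    description "dfs shares"
    destination {
        group {
            domain-group dfs-servers
            port-group fileshare-ports-tcp
        }
    }
    protocol tcp
}
rule 13 {
    action accept
    description "dfs shares"
    destination {
        group {
            domain-group dfs-servers
            port-group fileshare-ports-udp
        }
    }
    protocol udp
}
```

With this form the accepted destinations follow whatever the router's resolver returns for those names, so the router should query the internal DNS servers that are authoritative for the file servers, and a name missing from the group shows up as clients reaching the namespace but failing to open the linked folder.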