I made some updates to the automated firewall rule generation script. This includes some updates to the firewall rule spreadsheet to give information on setting static ports and port ranges for RPC-based services. This CSV file may be a good general reference even without the script.
1.4 – Fixed some logic around Client-Network processing to generate rules only to the same site for Hub-Transport/Client-Access roles and to bypass $SkipSameSite settings.
– Updated the FirewallRules.csv to be more detailed for setting static ports for cross-site DAGs (this is actually a really convenient reference in its own right)
– Added a region column to the Exchange environment CSV file for processing
1.3 – Added logic for client-network rules to only process them if they are in the same site as the role.
In our input Exchange environment CSV file, if you want 2 sites to generate rules that allow them to reach two other sites instead of just their own, you will need to put the network in twice, once for each site, like so:
Client-Network,10.203.2.0/24,End User Network – Site1,Site1
Client-Network,10.203.2.0/24,End User Network – Site1,Site2
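
The same-site matching described in 1.3, sketched as an added example (this is not the script's own code). The column names, the role type values, the role rows and the Site3 row are assumptions constructed for illustration; only the two Client-Network rows for 10.203.2.0/24 come from the post.

```powershell
# Constructed sample of the environment file (no header row assumed).
$envCsv = @'
Client-Access,10.201.1.10/32,CAS01 - Site1,Site1
Hub-Transport,10.201.1.20/32,HUB01 - Site1,Site1
Client-Access,10.202.1.10/32,CAS02 - Site2,Site2
Client-Network,10.203.2.0/24,End User Network – Site1,Site1
Client-Network,10.203.2.0/24,End User Network – Site1,Site2
Client-Network,10.204.2.0/24,End User Network - Site3,Site3
'@

# Hypothetical column names; the real file's headers are not shown in the post.
$rows = ($envCsv -split '\r?\n') |
    ConvertFrom-Csv -Header Type, Network, Description, Site

# Roles that client networks are allowed to reach (assumed type values).
$clientFacingRoles = 'Client-Access', 'Hub-Transport'
$roles   = $rows | Where-Object { $clientFacingRoles -contains $_.Type }
$clients = $rows | Where-Object { $_.Type -eq 'Client-Network' }

$pairs = foreach ($client in $clients) {
    # Only roles in the same site as this Client-Network row are considered.
    $sameSite = @($roles | Where-Object { $_.Site -eq $client.Site })

    if ($sameSite.Count -eq 0) {
        # A client network whose site has no matching role produces no rules;
        # surface it so a typo in the Site column does not go unnoticed.
        Write-Warning "No client-facing role in $($client.Site); $($client.Network) gets no rules"
        continue
    }

    foreach ($role in $sameSite) {
        [pscustomobject]@{
            Source      = $client.Network
            Destination = $role.Network
            Role        = $role.Type
            Site        = $client.Site
        }
    }
}

# 10.203.2.0/24 appears for both Site1 and Site2 because it is listed twice.
$pairs | Format-Table -AutoSize
```

Reviewing the resulting source/destination pairs before generating rules shows exactly which extra sites a duplicated network row opens up, which keeps the rule set limited to what was intended.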