Change the Default Port for the Active Directory Server

If your WatchGuard device is configured to authenticate users with an Active Directory (AD) authentication server, it connects to the Active Directory server on the standard LDAP port by default, which is TCP port 389. If the Active Directory servers that you add to your WatchGuard device configuration are set up to be Active Directory global catalog servers, you can tell the WatchGuard device to use the global catalog port—TCP port 3268—to connect to the Active Directory server.

A global catalog server is a domain controller that stores information about all objects in the forest. This lets applications search Active Directory without having to refer to the specific domain controllers that store the requested data. If you have only one domain, Microsoft recommends that you configure all domain controllers as global catalog servers.

If the primary or secondary Active Directory server you use in your WatchGuard device configuration is also configured as a global catalog server, you can change the port the WatchGuard device uses to connect to the Active Directory server to increase the speed of authentication requests. However, we do not recommend that you create additional Active Directory global catalog servers just to speed up authentication requests. The replication that occurs among multiple global catalog servers can use significant bandwidth on your network.

Configure the XTM Device to Use the Global Catalog Port

  1. Select Authentication > Servers.
    The Authentication Servers page appears.
  2. In the Server list, select Active Directory.
    The Active Directory page appears with the list of configured servers.
  3. Select a server and click Edit.
  4. In the Port text box, clear the contents and type 3268.
  5. Click Save.

Find Out if Your Active Directory Server is Configured as a Global Catalog Server

  1. Select Start > Administrative Tools > Active Directory Sites and Services.
  2. Expand the Sites tree and find the name of your Active Directory server.
  3. Right-click NTDS Settings for your Active Directory server and select Properties.

If the Global Catalog check box is selected, the Active Directory server is configured to be a global catalog.
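The following PowerShell script is an added example, not part of the WatchGuard documentation or product, that performs the same check as the NTDS Settings procedure above from the command line and also confirms that each server accepts TCP connections on the port you would then enter in the WatchGuard Port text box (3268 for a global catalog server, otherwise the default 389). It assumes the ActiveDirectory PowerShell module (RSAT) is installed on a domain-joined host, and the server names in `$ConfiguredServers` are placeholders for the primary and secondary servers in your own WatchGuard configuration.

```powershell
# Added example (not WatchGuard documentation or product code). Assumes the
# ActiveDirectory module is available and the hostnames below are placeholders
# for the Active Directory servers configured on the WatchGuard device.
Import-Module ActiveDirectory

# Placeholder names for the primary and secondary AD servers in the
# WatchGuard device configuration; replace with your own.
$ConfiguredServers = @('dc01.example.local', 'dc02.example.local')

$LdapPort          = 389    # default port the WatchGuard device uses
$GlobalCatalogPort = 3268   # port to configure if the server is a global catalog

foreach ($Server in $ConfiguredServers) {
    # IsGlobalCatalog reflects the same setting as the Global Catalog check box
    # on the NTDS Settings properties page in Active Directory Sites and Services.
    $Dc   = Get-ADDomainController -Identity $Server
    $Port = if ($Dc.IsGlobalCatalog) { $GlobalCatalogPort } else { $LdapPort }

    # Confirm the server actually accepts TCP connections on that port from this
    # host before changing the port in the WatchGuard configuration.
    $Reachable = (Test-NetConnection -ComputerName $Server -Port $Port `
                      -WarningAction SilentlyContinue).TcpTestSucceeded

    [PSCustomObject]@{
        Server          = $Server
        IsGlobalCatalog = $Dc.IsGlobalCatalog
        PortToConfigure = $Port
        PortReachable   = $Reachable
    }
}
```

Only servers that report `IsGlobalCatalog` as `True` should be switched to port 3268 on the WatchGuard device; a server that reports `False` should stay on 389 rather than being promoted to a global catalog just to speed up authentication, for the replication-bandwidth reason given above. A `PortReachable` value of `False` on a global catalog server usually means a firewall between the WatchGuard device's network and the domain controller is not allowing TCP 3268.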

See Also

About Third-Party Authentication Servers

Configure Active Directory Authentication
