Event details
Radical changes are coming to the Server Message Block (SMB) and file services in Windows Server 2025 and Windows 11. Learn about new security behaviors, new functionality, and new scenarios availabl...
Char_Cheesman
Updated Dec 27, 2024
NedPyle
Mar 26, 2024, Former Employee
Firewall has to allow (by default) inbound 443 UDP to the file server.
mrebrink
Mar 26, 2024, Copper Contributor
Yes, that is the firewall for the server itself, but if this server is in my private datacenter, how does this connect with the outside world without a VPN on the client? I would need some external FQDN or IP address and port mapping in the edge firewall?
- NedPyle, Mar 26, 2024, Former Employee: Yes, you'd need an FQDN the client can access and specified in the server certificate, and the file server reachable via port-forwarding/edge firewall/DMZ, etc.
- Karl-WE, Mar 26, 2024, MVP: Haven't tried it yet. Can we use a public cert or a custom DNS name, too, or does the cert have to contain the AD DNS FQDN? Just thinking out loud if people would rather obfuscate the server DNS name. And a last bit: is there support for SMB over QUIC for targets using DFS Namespaces (DFS-N), and how to accomplish that, as usually the DFS-N servers are different from the file server targets? TYVM.
- NedPyle, Mar 26, 2024, Former Employee: You would likely NOT be using the AD FQDN. You would generate a server QUIC cert with a subject alternative name using an external FQDN reachable from a client for use as an SMB over QUIC endpoint; you can have many SAN entries, both internal and external FQDNs. It can be anything resolvable (even something not in DNS, where you use a HOSTS file on clients). DFSN is much more problematic, as DFSN namespace servers cannot have alternative names. We have a feature on the roadmap to change DFSN for it to support SMB over QUIC referrals.
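The server-side setup the replies above describe (inbound UDP 443, a certificate whose SAN list carries the external name clients actually use, and the certificate-to-name binding), as an added PowerShell example that is not from the thread or from Microsoft. It assumes Windows Server 2025 (or 2022 Azure Edition) run elevated; `files.example.com` and `fs01.corp.example` are constructed placeholder names, and the self-signed certificate stands in for a CA-issued one.

```powershell
# Added example, not from the thread. Minimum SMB over QUIC endpoint setup plus the
# checks a practitioner runs before pointing clients at it. Names are placeholders.
$externalFqdn = 'files.example.com'   # resolvable from outside; edge firewall/DMZ forwards UDP 443 to this host
$internalFqdn = 'fs01.corp.example'   # optional extra SAN for on-premises clients (need not be the AD FQDN)

# 1. Inbound firewall: SMB over QUIC listens on UDP 443; TCP 445 is untouched.
New-NetFirewallRule -DisplayName 'SMB over QUIC (UDP 443 in)' -Direction Inbound `
    -Protocol UDP -LocalPort 443 -Action Allow -Profile Domain,Private | Out-Null

# 2. Server certificate. In production request it from a CA the clients trust
#    (a public CA for an external name); the self-signed cert is lab-only.
#    Every name a client will connect to must appear as a SAN entry.
$cert = New-SelfSignedCertificate -DnsName $externalFqdn, $internalFqdn `
    -CertStoreLocation 'Cert:\LocalMachine\My' -KeyExportPolicy NonExportable `
    -KeyAlgorithm RSA -KeyLength 2048 -NotAfter (Get-Date).AddYears(1)

# Check: a name missing from the SAN list means a TLS failure for clients using it.
foreach ($required in @($externalFqdn, $internalFqdn)) {
    if ($cert.DnsNameList.Unicode -notcontains $required) {
        throw "Certificate lacks SAN entry '$required'"
    }
}

# 3. Bind the certificate to each name the QUIC listener should answer for.
#    Do not bind a DFS-N namespace name here: per the thread, namespace servers
#    cannot carry alternative names, so QUIC clients target the file server directly.
foreach ($name in @($externalFqdn, $internalFqdn)) {
    New-SmbServerCertificateMapping -Name $name -Thumbprint $cert.Thumbprint -StoreName My
}

# 4. Verify the bindings and that the QUIC transport is enabled on the server.
Get-SmbServerCertificateMapping | Format-Table Name, Subject, Thumbprint -AutoSize
Get-SmbServerConfiguration | Select-Object EnableSMBQUIC

# Client-side check from a Windows 11 machine outside the datacenter (no VPN):
#   New-SmbMapping -LocalPath 'Z:' -RemotePath "\\$externalFqdn\Share" -TransportType QUIC
```

The client check only succeeds if the name resolves to the forwarded public address and the certificate chains to a CA the client trusts; a self-signed lab certificate must first be imported into the client's trusted root store.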