- The ATA Lightweight Gateway supports installation on a domain controller running Windows Server 2008 R2 SP1 ,Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
- The domain controller can be a read-only domain controller (RODC)
- Before installing ATA Lightweight Gateway on a domain controller running Windows Server 2012 R2, confirm that the following update has been installed: KB2919355.
- During installation, the .Net Framework 4.6.1 is installed and might cause a reboot of the domain controller.
- The ATA Lightweight Gateway requires a minimum of 2 cores and 6 GB of RAM installed on the domain controller
- or optimal performance, set the Power Optionof the ATA Lightweight Gateway to High Performance..
- virtual machine dynamic memory or any other memory ballooning feature is not supported.
- The ATA Center server, the ATA Lightweight Gateway servers, and the domain controllers must have time synchronized to within five minutes of each other.
- The ATA Lightweight Gateway monitors the local traffic on all of the domain controller’s network adapters.
- After deployment, you can use the ATA Console if you ever want to modify which network adapters are monitored.
- The Lightweight Gateway is not supported on domain controllers running Windows 2008 R2 with Broadcom Network Adapter Teaming enabled.
|DNS||TCP and UDP||53||DNS Servers||Outbound|
|NTLM over RPC||TCP||135||All devices on the network||Outbound|
|NetBIOS||UDP||137||All devices on the network||Outbound|
|Syslog (optional)||UDP||514||SIEM Server||Inbound|
|Netlogon (SMB, CIFS, SAM-R)||TCP and UDP||445||All devices on network||Outbound|
the following ports need to be open inbound on devices on the network from the ATA Lightweight Gateways.
- NTLM over RPC
- Using the Directory service user account, the ATA Lightweight Gateway queries endpoints in your organization for local admins using SAM-R (network logon) in order to build the lateral movement path graph.
- The following ports need to be open inbound on devices on the network from the ATA Gateway:
- NTLM over RPC (TCP Port 135) for resolution purposes
- NetBIOS (UDP port 137) for resolution purposes