Solved

MS Remote Assist does not work to PC behind Nokia IP390 secured with Checkpoint.

Posted on 2007-12-03
3
1,226 Views
Last Modified: 2013-11-16
Hi, I am trying to use Remote Assistance on a group of Windows XP SP1 workstations which are now in a network behind a Nokia IP390 firewall.  This previously worked before the Nokia was implemented.

There is only one entry in the firewall rule base, *any *any *any accept.  This is because we are currently monitoring what traffic is flowing through this gateway.

When trying to remote assist a workstation I get this message "The remote server machine does not exist or is unavailable" and I get one checkpoint accept log entry for epmap followed immediately by a reject entry for epmap, with Attack information of "DCE-RPC Enforcement Violation UUID is not allowed through the Rule Base".

I have edited the Checkpoint Smart Center dcerpc.def and changed "define ALLOW_135 0" to "define ALLOW_135 1" and pushed the policies, but this issue still exists.

Does anyone have any ideas what I can try next?
0
Comment
Question by:nowonmai666
  • 2
3 Comments
 
LVL 14

Expert Comment

by:grimkin
Comment Utility
HIya,

Do you have SmartDefense running?
0
 

Author Comment

by:nowonmai666
Comment Utility
Hello

Smart defense has been disabled or set to monitor only where possible.

I found out that the Smart center is running R65 HFA02 but the Nokia IPSO was not.  HFA02 contains a fix where smart defense is still blocking traffic even though it is disabled.  I've patched both Nokia firewalls, just waiting for a suitable time to turn the rule base back on as they are currently only routing traffic.
0
 

Accepted Solution

by:
nowonmai666 earned 0 total points
Comment Utility
Fixed my problem.  Patched Nokia IPSO to 4.2-Build078,  Checkpoint NGX R65 HFA02.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now