Solved

checkpoint firewall allow msdtc and rpc

Posted on 2011-03-07
5
1,940 Views
Last Modified: 2012-05-11
Hi,

I need to allow the following through my checkpoint firewall r70.30
 •      MS RPC EndPoint
•      MS-DTC interface


It is possible to do this by protocol as apposed to just opening all the ports?
Also what about a UUID inside the packet?
0
Comment
Question by:neoptoent
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 35061115
MS RPC EndPoint is TCP port 135 (UUID E1AF8308-5D1F-11C9-91A4-08002B14A0FA)
MS-DTC interface is TCP port 3372 (UUID 906B0CE0-C70B-1067-B317-00DD010662DA)

So you could do it on a per protocol base.
0
 

Author Comment

by:neoptoent
ID: 35063587
What about the high ports needed like 1024 - 65....
would those be covered in the protocol settings?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35067180
Depends on what you mean exactly.
If you are referring to return traffic, that is allowed by default.
If you are referring to additional incoming connections, the checkpoint is a stateful firewall. This means that it 'knows' that related incoming traffic (related to the initial setup over one of those ports) should be allowed as well.
So you should be ok with that.
0
 

Author Comment

by:neoptoent
ID: 35069130
Are those protocol built into checkpoint so that I could just select them?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35069667
I think so, they are quite common.
You'll have to create the rules though.

 How-to-configure-the-Security-Po.doc
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Palo Alto Networks - find the sec zone 3 83
Force a WIFI client onto a specific access point 7 94
VTP servers with 3650 switches 5 54
Mac address in Nexus7K fex port 5 43
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question