Solved

Question about Microsoft RPC and firewalls

Posted on 2013-02-05
2
502 Views
Last Modified: 2013-02-06
Experts,

Suppose I have client-A on DMZ1 and server-B on DMZ2.
I allow CLIENT-A to reach server-B on TCP-135.

Suppose the RPC mapper on the server now tells the client to connect on port 1023.
Am I correct to assume this second connection is a new tcp session and if it's not permitted in the firewall ACL, then it will be dropped?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
irweazelwallis earned 500 total points
ID: 38858535
yes 135 is a port mapper and therefore unless your firewall allows dynamic port mapping then it won't work
you could open the additional port but generally it open something in a massive range of ports at random

Generally if you open up this the firewall becomes almost pointless as its got more holes than swiss cheese.

Depending on the application you can tie it down so that it uses static ports even if its still in a range
0
 

Author Closing Comment

by:trojan81
ID: 38859266
well done thank you
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question