Solved

Question about Microsoft RPC and firewalls

Posted on 2013-02-05
Last Modified: 2013-02-06
Experts,

Suppose I have client-A on DMZ1 and server-B on DMZ2.
I allow CLIENT-A to reach server-B on TCP-135.

Suppose the RPC mapper on the server now tells the client to connect on port 1023.
Am I correct to assume this second connection is a new TCP session and, if it's not permitted in the firewall ACL, it will be dropped?
Question by:trojan81
Accepted Solution

by:
irweazelwallis earned 500 total points
ID: 38858535
Yes, 135 is a port mapper, and therefore unless your firewall allows dynamic port mapping it won't work.
You could open the additional port, but generally it opens something in a massive range of ports at random.

Generally, if you open this up, the firewall becomes almost pointless as it's got more holes than Swiss cheese.

Depending on the application, you can tie it down so that it uses static ports, even if it's still in a range.
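
The two-session behaviour discussed in this thread, as an added example that is not part of the original posts: a default-deny ACL is evaluated once per new TCP session, so permitting TCP 135 does not cover the port the mapper hands out. The rule model, the two port ranges and the mapped ports other than 1023 are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    lo: int  # first permitted destination TCP port
    hi: int  # last permitted destination TCP port

def permits(acl, src, dst, dport):
    """Check one new TCP session (its SYN) against the ACL; default deny."""
    return any(r.src == src and r.dst == dst and r.lo <= dport <= r.hi
               for r in acl)

def rpc_call(acl, client, server, mapped_port):
    """Walk the two sessions of one RPC call and report where it stops."""
    if not permits(acl, client, server, 135):
        return "blocked at endpoint mapper (TCP 135)"
    # The mapper's answer rides inside the permitted 135 session. A plain
    # port-based ACL never reads it, so the follow-up is judged on its own.
    if not permits(acl, client, server, mapped_port):
        return f"mapper reached, new session to TCP {mapped_port} dropped"
    return f"call completes on TCP {mapped_port}"

def exposed_ports(acl, src, dst):
    """Count distinct destination ports the ACL opens from src to dst."""
    return len({p for r in acl if r.src == src and r.dst == dst
                for p in range(r.lo, r.hi + 1)})

A, B = "client-A", "server-B"
ONLY_135 = [Rule(A, B, 135, 135)]
# Constructed ranges: a wide dynamic range vs. a server pinned to ten ports.
WIDE = ONLY_135 + [Rule(A, B, 1024, 65535)]
PINNED = ONLY_135 + [Rule(A, B, 5000, 5009)]

if __name__ == "__main__":
    for name, acl, port in [("135 only", ONLY_135, 1023),
                            ("wide range", WIDE, 49200),
                            ("pinned range", PINNED, 5004)]:
        print(f"{name:12} {rpc_call(acl, A, B, port)} "
              f"({exposed_ports(acl, A, B)} ports open)")
```

The port counts make the trade-off in the answer concrete: the wide rule opens tens of thousands of destination ports on server-B, while pinning the application to a small static range keeps the ACL narrow.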

Author Closing Comment

by:trojan81
ID: 38859266
Well done, thank you.
Question has a verified solution.