
Question about Microsoft RPC and firewalls

Experts,

Suppose I have client-A on DMZ1 and server-B on DMZ2.
I allow CLIENT-A to reach server-B on TCP-135.

Suppose the RPC mapper on the server now tells the client to connect on port 1023.
Am I correct to assume this second connection is a new TCP session and if it's not permitted in the firewall ACL, then it will be dropped?
irweazelwallis Commented:
Yes, 135 is a port mapper, and therefore unless your firewall allows dynamic port mapping it won't work.
You could open the additional port, but generally it opens something in a massive range of ports at random.

Generally, if you open this up, the firewall becomes almost pointless, as it's got more holes than Swiss cheese.

Depending on the application, you can tie it down so that it uses static ports, even if it's still in a range.
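As an added example (not part of the thread), this is one way to tie the RPC dynamic endpoints on a Windows server down to a small range so the firewall needs only two entries instead of the whole ephemeral range. It assumes server-B runs Windows and that the service uses the RPC runtime's default endpoint pool; the function name, the range 50000-50100 and the client address 192.0.2.10 are constructed placeholders.

```powershell
# Added example: restrict the RPC runtime's dynamic endpoint pool and return
# the matching ACL entries. Range and addresses below are constructed values.
function Set-RpcStaticPortRange {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateRange(1024, 65535)][int]$First = 50000,
        [ValidateRange(1024, 65535)][int]$Last  = 50100,
        [Parameter(Mandatory)][string]$ClientAddress
    )
    if ($Last -lt $First) { throw 'Last port must be greater than or equal to first port.' }
    $range = "$First-$Last"
    $key   = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

    if ($PSCmdlet.ShouldProcess($key, "Restrict RPC dynamic endpoints to $range")) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Ports: the pool the endpoint mapper may hand out after the TCP 135 lookup.
        New-ItemProperty -Path $key -Name 'Ports' -PropertyType MultiString `
            -Value @($range) -Force | Out-Null
        # Y/Y: the listed ports are the ones to use for dynamic endpoints.
        New-ItemProperty -Path $key -Name 'PortsInternetAvailable' `
            -PropertyType String -Value 'Y' -Force | Out-Null
        New-ItemProperty -Path $key -Name 'UseInternetPorts' `
            -PropertyType String -Value 'Y' -Force | Out-Null
    }

    # Host firewall on the server: the same two openings, limited to the one client.
    if ($PSCmdlet.ShouldProcess('Windows Firewall', "Allow $ClientAddress to TCP 135,$range")) {
        New-NetFirewallRule -DisplayName "RPC from $ClientAddress" -Direction Inbound `
            -Action Allow -Protocol TCP -LocalPort @('135', $range) `
            -RemoteAddress $ClientAddress | Out-Null
    }

    # Entries the firewall between DMZ1 and DMZ2 needs. Each is evaluated as its
    # own TCP session, so the second one is required for the follow-up connection.
    [pscustomobject]@{ Source = $ClientAddress; Protocol = 'TCP'; DestPort = '135'
                       Purpose = 'RPC endpoint mapper' }
    [pscustomobject]@{ Source = $ClientAddress; Protocol = 'TCP'; DestPort = $range
                       Purpose = 'RPC dynamic endpoints' }
}

# Dry run: shows what would change and prints the two ACL entries.
Set-RpcStaticPortRange -ClientAddress '192.0.2.10' -WhatIf
```

The registry change takes effect after a restart of the server. Services that carry their own port setting are not governed by this pool and need to be pinned in their own configuration.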
 
trojan81 Author Commented:
Well done, thank you.