06-13-2018 09:52 AM - edited 02-21-2020 07:52 AM
If I enable DCE/RPC inspection, can I have Active Directory over firewalls without allowing dynamic ports?
I have 2012 R2 domain controllers in a firewall segment and AD clients in a different subnet.
06-14-2018 07:14 AM
Here is an older post on it.
https://supportforums.cisco.com/t5/security-documents/dcerpc-inspection-on-asa-pix-fwsm/ta-p/3126387
So theoretically it works, but packet inspection is not always a silver bullet.