Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
745
Views
4
Helpful
2
Replies

DCOM through a FWSM

gm-douglas
Level 1
Level 1

‎10-13-2008 06:11 AM - edited ‎03-11-2019 06:56 AM

I am trying to get Microsoft DCOM through a FWSM.

We use FWSM inside our network to protect our server subnets. One of the server is using RMC that is based on Microsoft DCOM.

My understanding is the DCOM uses port tcp/135 for the beginning of the conversation. It than switches to a port in the 1024-65535 range. It just seams like a waste of a firewall to open all ports in that range.

My understanding is that the DCERPC inspection is suppose to work on this protocol. This inspection is turned on in the global policy map and set for default.

service-policy global_policy global

policy-map global_policy

class inspection_default

inspect dcerpc

Is there anything special I need to get this going? Do I really need to open all tcp ports between 1024-65535?

Labels:
0 Helpful
2 Replies 2

Farrukh Haroon
VIP Alumni
VIP Alumni

‎10-18-2008 10:47 PM

You should try your best to open a specific range only, this can be done by a registry hack in Windows:

http://msdn.microsoft.com/en-us/library/ms809327.aspx

Also ensure all communiction is in TCP and not UDP.

You can also use the 'established' command on the firewall instead of opening all ports falt out. However the established command is subject to some serious security riks (by virtue of bypassing the state checking).

Regards

Farrukh

cisco24x7
Level 6
Level 6
In response to Farrukh Haroon

‎10-19-2008 02:29 AM

Use Checkpoint firewall. It can inspect DCOM

ports without having to open ports >1023, just

like Active or Passive FTP.

my 2c

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card