DCE-RPC traffic is dropped on High Ports

SUPPORT CENTER
USER CENTER / PARTNER MAP
CYBER TALK FOR EXECUTIVES
THREAT INTELLIGENCE
UNDER ATTACK?
- We can help. Learn more about ThreatCloud Incident Response
RISK ASSESSMENT
MY ACCOUNT
- Phone
  
  General
  United States 1-800-429-4391
  International +972-3-753-4555
  
  Support
  24x7 Technical Support
  Americas: 1-972-444-6600
  International: +972-3-6115100
  Toll Free: 1-888-361-5030
- Locations
  
  United States
  Check Point Software Technologies Inc.
  959 Skyway Road
  Suite 300
  San Carlos, CA 94070
  MAP
  
  International
  Check Point Software Technologies Ltd.
  5 Ha'Solelim Street
  Tel Aviv 67897, Israel
  MAP
- Community
  CheckMates User Community
  Blog
- Chinese
- Japanese
- Russian

PRODUCTS / SOLUTIONS
SOLUTIONS FOR...

Cloud

Data Center

Midsize & Enterprise

Less than 100 Employees

Home Office/Consumer
PRODUCT ARCHITECTURE

Check Point Infinity
PRODUCTS

NEXT GENERATION THREAT PREVENTION

SandBlast Zero-Day Protection

Threat Prevention Appliances & Software

Threat Intelligence

Web Security

DDOS Protection
MOBILE SECURITY

SandBlast Mobile

Check Point Capsule
ENDPOINT SECURITY
NEXT GENERATION FIREWALLS

vSEC for Public and Private Cloud

Data Center

Midsize & Enterprise

Small Business
SECURITY MANAGEMENT

Policy Management

Workflow and Orchestration

Integrated Threat Management

Smart-1 Management Appliances

See all products
INDUSTRIES

Retail / Point of Sale (POS)

Financial Services / ATM

Critical Infrastructure & ICS/SCADA

Public and Private Cloud

Government and Federal Institutions

Healthcare

Service Provider / Telco

Governance, Risk & Compliance (GRC)
ARCHITECTURE

Software Defined Protection (SDP)
SUPPORT / SERVICES
SUPPORT CENTER
SUPPORT PROGRAMS
SECURITY SERVICES
- ThreatCloud Incident Response
- ThreatCloud Managed Security Service
KNOWLEDGE AND EDUCATION
PROFESSIONAL SERVICES
- Design, Deploy, Operate and Optimize
- Lifecycle Management Services
PARTNERS
CHANNEL PARTNERS
- Become a Partner
- Find a Partner
TECHNOLOGY PARTNERS
- Technology Partners
PARTNER PORTAL
- PartnerMAP Sign In
COMPANY
COMPANY OVERVIEW
NEWS & MEDIA
EVENTS
- Events
- Webinars
CAREERS
- Search Jobs
BLOG

Support Center > Search Results > SecureKnowledge Details

DCE-RPC traffic is dropped on High Ports

Solution ID	sk65676
Product	Security Gateway
Version	R77, R77.10, R77.20, R77.30, R80.10, R80.20
Platform / Model	All
Date Created	2011-11-02 00:00:00.0
Last Modified	2019-01-17 07:29:17.0

Symptoms

SmartView Tracker logs show that DCE-RPC traffic on High Ports is dropped, although a rule with the ALL_DCE_RPC service exists.

Dropped traffic:
- DCE-RPC
- WMI
- SCCM

Cause

Possible reasons:

The DCE-RPC traffic is matched to a rule that allows traffic on TCP port 135 and located above the rule with the "ALL_DCE_RPC" service.
The RPC initiator (traffic on TCP port 135) must pass through the Security Gateway on the "ALL_DCE_RPC", so the session "real" traffic on the higher port will pass.

Solution

Note: To view this solution you need to Sign In .

©1994-2019 Check Point Software Technologies Ltd. All rights reserved.
Copyright | Privacy Policy