The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
DCE-RPC traffic is dropped on High Ports
Technical Level
Solution ID
sk65676
Technical Level
Product
Security Gateway
Version
R77.30, R80.10, R80.20, R80.30, R80.40
Platform / Model
All
Date Created
02-Nov-2011
Last Modified
01-Mar-2020
Symptoms
SmartView Tracker logs show that DCE-RPC traffic on High Ports is dropped, although a rule with the ALL_DCE_RPC service exists.
Dropped traffic:
DCE-RPC
WMI
SCCM
Cause
Possible reasons:
The DCE-RPC traffic is matched to a rule that allows traffic on TCP port 135 and located above the rule with the "ALL_DCE_RPC" service.
The RPC initiator (traffic on TCP port 135) must pass through the Security Gateway on the "ALL_DCE_RPC", so the session "real" traffic on the higher port will pass.
