The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
DCE-RPC traffic is dropped on High Ports
Solution ID |
sk65676 |
Product |
Security Gateway |
Version |
R77, R77.10, R77.20, R77.30, R80.10 |
Platform / Model |
All |
Date Created |
2011-11-02 00:00:00.0
|
Last Modified |
2018-04-15 07:14:15.0
|
Symptoms
- SmartView Tracker logs show that DCE-RPC traffic on High Ports is dropped, although a rule with the ALL_DCE_RPC service exists.
Dropped traffic:
Cause
Possible reasons:
- The DCE-RPC traffic is matched to a rule that allows traffic on TCP port 135 and located above the rule with the "ALL_DCE_RPC" service.
- The RPC initiator (traffic on TCP port 135) must pass through the Security Gateway on the "ALL_DCE_RPC", so the session "real" traffic on the higher port will pass.
Solution
|
Note: To view this solution you need to
Sign In
.
|